>>>>> "Rafa" == Rafa Marin Lopez <[email protected]> writes:
Rafa> Hi Sam: From what I recall, I suggested to move to the
Rafa> subtoken option because synthesizing an EAP response/id was
Rafa> not a good idea.
Rafa> The reasons were explained here
Rafa> http://www.ietf.org/mail-archive/web/abfab/current/msg00947.html
Right.
I think we all agree with you and appreciate that input.
Rafa> Nevertheless I am still wondering what is the benefit. Let me
Rafa> explain. Fast re-authentication is generally important but we
Rafa> are just saving a round trip between initiator and acceptor,
Rafa> which are not too much in comparison with the number of
Rafa> messages involved during a whole EAP authentication and the
Rafa> travel the messages have to do all the way to the home AAA/EAP
Rafa> server. So basically I believe reducing that part does not
Rafa> help too much if we do not reduce the real critic parts as the
Rafa> number of EAP messages or the fact they have to reach the home
Rafa> AAA/EAP server.
You may well be right. I had not fully thought this through.
It sounds like you'd be happy holding off on this change if we ever make
it.
When we are next in person I'd like to discuss this sort of optimization
with you in more detail.
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
