Hi Luke:

That kind of fast re-auth based on Kerberos is also intrinsic to draft-perez-abfab-eap-gss-preauth-01

Best regards.

On 12/03/2012, at 13:18, Luke Howard wrote:

> I haven't read the draft, but note that the Moonshot implementation provides
> fast reauth based on Kerberos tickets.
>
> Sent from my iPhone
>
> On 12/03/2012, at 11:16 PM, Rafa Marin Lopez <[email protected]> wrote:
>
>> Hi Yinxing:
>>
>> I have seen that you have also mentioned and described the problem of fast
>> re-authentication in your I-D. We have been just discussing as you may have
>> noticed.
>>
>> Although I am still in favor of defining a general problem statement for this
>> in ABFAB before going to solution space, I must say that here in UMU we have
>> been thinking about a possible solution for providing this fast
>> re-authentication procedure, which may have some similarities with yours.
>>
>> Basically, since GSS-EAP is used in ABFAB to provide authentication, our
>> idea is to use ERP (RFC 5296) (and the associated infrastructure) to provide
>> fast re-authentication in ABFAB. After all, ERP is the standard to reduce
>> the authentication time in EAP-based authentications.
>>
>> In this way, we could extend GSS-EAP or create a GSS-ERP mechanism to
>> transport ERP messages within GSS tokens. Something like:
>>
>>
>> 1.  Initiator --> Acceptor: GSS-EAP (EAP Initiate/Re-auth(SEQ, keyName-NAI,
>>                             cryptosuite,Auth-tag*))
>> 1a. Acceptor --> ER-Server: AAA-Request{Authenticator-Id,
>>                             EAP Initiate/Re-auth(SEQ,keyName-NAI,
>>                             cryptosuite,Auth-tag*)
>>
>> 2.  ER-Server --> Acceptor: AAA-Response{rMSK,
>>                             EAP-Finish/Re-auth(SEQ,keyName-NAI,
>>                             cryptosuite,[CB-Info],Auth-tag*)
>>
>> 2b. Acceptor --> Initiator: GSS-EAP (EAP-Finish/Re-auth(SEQ,keyName-NAI,
>>                             cryptosuite,[CB-Info],Auth-tag*))
>>
>>
>> Even the ER-Server could be placed near the server (local ER server)
>> reducing the travel time of the messages.
>>
>> Obviously this is just an idea, which needs to be elaborated and discussed.
>> In fact, as I said, I think it would be better to start defining a problem
>> statement, requirements etc... for fast re-authentication in ABFAB. UMU
>> would be willing to work on that.
>>
>> Best regards.
>>
>> On 12/03/2012, at 10:18, [email protected] wrote:
>>
>>>
>>> Hi, all
>>>
>>> An updated version of Federated Cross-Layer Access
>>> (draft-wei-abfab-fcla-02) is posted.
>>> The major changes are in clause 4:
>>> - 4. message flow
>>> - 4.1 fast re-authentication
>>> - 4.2 secure data sharing
>>>
>>> Here is the draft:
>>> http://www.ietf.org/id/draft-wei-abfab-fcla-02.txt
>>>
>>> Any comments are appreciated!
>>>
>>> -------------
>>> Yinxing Wei
>>>
>>> _______________________________________________
>>> abfab mailing list
>>> [email protected]
>>> https://www.ietf.org/mailman/listinfo/abfab
>>
>> -------------------------------------------------------
>> Rafael Marin Lopez, PhD
>> Dept. Information and Communications Engineering (DIIC)
>> Faculty of Computer Science-University of Murcia
>> 30100 Murcia - Spain
>> Telf: +34868888501 Fax: +34868884151 e-mail: [email protected]
>> -------------------------------------------------------

-------------------------------------------------------
Rafael Marin Lopez, PhD
Dept. Information and Communications Engineering (DIIC)
Faculty of Computer Science-University of Murcia
30100 Murcia - Spain
Telf: +34868888501 Fax: +34868884151 e-mail: [email protected]
-------------------------------------------------------
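
A simplified model of the ERP-over-GSS flow sketched in the quoted message (steps 1 to 2b), added here as an illustration; it is not code from the thread, from either draft, or from Moonshot. The dictionary messages, the single-HMAC key derivation, and the type and cryptosuite codes are assumptions and not the RFC 5296 wire format; what it shows is the ER server's Auth-tag and SEQ replay checks and both ends arriving at the same rMSK.

```python
import hashlib, hmac, struct

INITIATE, FINISH, SUITE = 1, 2, 2  # constructed message-type and cryptosuite codes

def kdf(key, label, context):
    # Simplified stand-in for the ERP key hierarchy: a single HMAC-SHA-256 call.
    return hmac.new(key, label + b"\0" + context, hashlib.sha256).digest()

def auth_tag(rik, msg_type, seq, nai):
    # Integrity tag over the fields shown in the flow, truncated to 128 bits.
    body = struct.pack("!BHB", msg_type, seq, SUITE) + nai.encode()
    return hmac.new(rik, body, hashlib.sha256).digest()[:16]

def make_msg(rik, msg_type, seq, nai):
    return {"type": msg_type, "seq": seq, "nai": nai,
            "tag": auth_tag(rik, msg_type, seq, nai)}

def tag_ok(rik, msg, msg_type):
    expected = auth_tag(rik, msg_type, msg["seq"], msg["nai"])
    return msg["type"] == msg_type and hmac.compare_digest(msg["tag"], expected)

class Initiator:
    def __init__(self, rrk, nai):
        self.rrk, self.nai, self.seq = rrk, nai, 0
        self.rik = kdf(rrk, b"rIK", bytes([SUITE]))
    def initiate(self):                      # step 1
        return make_msg(self.rik, INITIATE, self.seq, self.nai)
    def finish(self, msg):                   # step 2b: returns rMSK or None
        if msg["seq"] != self.seq or not tag_ok(self.rik, msg, FINISH):
            return None
        self.seq += 1
        return kdf(self.rrk, b"rMSK", struct.pack("!H", msg["seq"]))

class ERServer:
    def __init__(self):
        self.state = {}                      # keyName-NAI -> [rRK, next acceptable SEQ]
    def register(self, nai, rrk):            # state left behind by the full EAP run
        self.state[nai] = [rrk, 0]
    def handle(self, msg):                   # steps 1a/2: returns (rMSK, Finish) or None
        entry = self.state.get(msg["nai"])
        if entry is None or msg["seq"] < entry[1]:
            return None                      # unknown key name or replayed SEQ
        rik = kdf(entry[0], b"rIK", bytes([SUITE]))
        if not tag_ok(rik, msg, INITIATE):
            return None                      # forged or corrupted Initiate
        entry[1] = msg["seq"] + 1
        rmsk = kdf(entry[0], b"rMSK", struct.pack("!H", msg["seq"]))
        return rmsk, make_msg(rik, FINISH, msg["seq"], msg["nai"])
```

In this model the acceptor only relays: it passes the Initiate to `ERServer.handle`, keeps the returned rMSK as the key for the GSS context, and hands the Finish message back to the initiator.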
