This discussion points out behavior that can result in some problems so I think we need to cover this somewhere either in the applicability statement or in EAP-GSS. We need to consider it in TEAP, but the issue is broader than TEAP.
Joe On Oct 25, 2012, at 9:53 PM, Sam Hartman wrote: >>>>>> "Jim" == Jim Schaad <[email protected]> writes: > > Jim> I have been looking at TEAP and am worried about silent > Jim> discarding of packets. > > Jim> Since in the ABFAB environment, it is assumed that the > Jim> transport is reliable, there is a possibility that a difference > Jim> of opinion about what constitutes a good packet between the > Jim> server and the client could cause a dead-lock situation in the > Jim> protocol. > > Silent discard seems kind of inconsistent with a lower layer with > infinite timeout, don't you think? > > Actually fixing that seems out of scope for just an applicability update > and is something we should discuss in EMU. > we can definitely discuss the TEAP specific version there. > For the applicability statement it seems like we should note this. > > I've reviewed eap-ikev2, and it does seemed that it could be part of a > solution to provide DOS robustness. A lot of other things about the EAP > implementation, lower layer, security association protocol, etc all need > to be true for you to actually get that benefit. > > I think this discussion has been quite useful and I'll try to work on > text to propose for the applicability statement focusing on how this all > impacts applications. > > _______________________________________________ > abfab mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/abfab _______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
