>>>>> "Alper" == Alper Yegin <[email protected]> writes:
> We both agree that a reliable lower layer needs to be
> sufficient to deal with network problems.
> As I understand it, we're exploring the case where
> retransmissions would deal with an attacker. So, I think
> what you're saying is that if an implementation performs a
> retransmit when it gets a malicious packet, it can be more
> robust.
> We're presumably talking about an attacker that can
> insert packets but not modify them or suppress them. An
> attacker who can modify or suppress packets can fairly
> clearly DOS the EAP conversation. If nothing else, they can
> simply make sure the packet is always corrupted.
> For this to be valuable there need to be EAP methods that
> are robust under EAP-layer retransmission but not other
> higher-layer retransmission.
> Sam,
Alper> Correction to your statement above:
Alper> We are talking about the necessity of EAP-layer or EAP
Alper> lower-layer server-side re-transmission being necessary. You
Alper> are proposing getting by with client-side re-transmissions.
For the record, I believe my original statement accurately reflects my
meaning and your correction does not.
--Sam
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
