>>>>> "Alper" == Alper Yegin <[email protected]> writes:
Alper> I won't be there either, so here are my comments on Sam's
Alper> slides: Slide 5: Please elaborate the pros and cons of
Alper> re-auth. There's a reference to some apps replacing session
Alper> easily. It'd be good to have a example of that for a better
Alper> understanding.
I'd appreciate help on the pros.
The big pro that I see is that re-auth is necessary if you need to
change security parameters and breaking down your session has
consequences.
It's obvious to see this in network access.
Alper> Slide 6: "Application authorization lifetime". We need to
Alper> expand on the meaning of that, or use a more precise
Alper> terminology. If this is about "authorizing the application
Alper> client to use the given application protocol", then that
Alper> authorization's lifetime is dictated by the MSK
Alper> lifetime. It's the use of MSK or its derivative protecting
Alper> the application protocol that proves to the server that the
Alper> client is authorized. I.e., no key => nothing to prove
Alper> authorization with.
There are a number of cases where this is not true.
For example with the GS2 SASL mechanism keying at the TLS layer is not
affected by the MSK.
The EAP authentication is only used for RFC 5056 channel binding.
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
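An added illustration of the GS2 point above, written for this page and not taken from the thread or from any GS2 or GSS-EAP implementation: the channel-binding input a GS2 SASL mechanism hands to GSS-API, as I read RFC 5801 section 5.1, is the gs2-header (without the gs2-nonstd-flag) followed by the channel-binding data of the channel named in the header. The only secret entering that value is what the TLS stack exports (tls-unique from RFC 5929, the first Finished message on the connection); the EAP MSK never enters it, which is why, in this deployment, MSK lifetime does not govern the TLS session and EAP serves only to bind the authentication to the channel. The tls-unique byte strings and the authzid are constructed sample values, and the function names are mine.

```python
# Added example (not code from the abfab thread or from any GS2/GSS-EAP
# implementation). Builds the GS2 channel-binding application_data of
# RFC 5801 section 5.1 as I read it: gs2-header || cbind-data, where the
# cbind-data for p=tls-unique is the first TLS Finished message (RFC 5929).
# Note what is absent: no EAP MSK and no MSK-derived key appear anywhere.
import hmac
from typing import Optional


def saslname(name: str) -> str:
    """Escape '=' and ',' in a saslname as RFC 5801 section 4 requires."""
    return name.replace("=", "=3D").replace(",", "=2C")


def gs2_header(cb_flag: str, authzid: Optional[str] = None) -> bytes:
    """gs2-header = gs2-cb-flag "," [ "a=" saslname ] "," (gs2-nonstd-flag omitted).

    cb_flag is 'n' (client does not support channel binding), 'y' (client
    supports it but believes the server does not) or 'p=<type>', e.g.
    'p=tls-unique' (bind to the named channel type).
    """
    if cb_flag not in ("n", "y") and not cb_flag.startswith("p="):
        raise ValueError(f"bad gs2-cb-flag: {cb_flag!r}")
    if cb_flag.startswith("p=") and len(cb_flag) == 2:
        raise ValueError("p= flag needs a channel-binding type name")
    authz = f"a={saslname(authzid)}" if authzid else ""
    return f"{cb_flag},{authz},".encode("utf-8")


def gs2_cb_application_data(cb_flag: str, authzid: Optional[str],
                            cbind_data: bytes) -> bytes:
    """GSS-API channel-binding application_data: gs2-header || cbind-data.

    With 'n' or 'y' no channel is bound, so nothing follows the header.
    """
    header = gs2_header(cb_flag, authzid)
    if cb_flag.startswith("p="):
        if not cbind_data:
            raise ValueError("channel binding requested but no channel-binding data")
        return header + cbind_data
    return header


def server_accepts(client_app_data: bytes, cb_flag: str, authzid: Optional[str],
                   server_cbind: bytes) -> bool:
    """Server side: recompute from the server's *own* TLS view of the channel
    and compare in constant time. A mismatch means the client authenticated
    over a different TLS connection than the one the server is on."""
    expected = gs2_cb_application_data(cb_flag, authzid, server_cbind)
    return hmac.compare_digest(client_app_data, expected)


def demo() -> dict:
    # Constructed sample values: 12-byte tls-unique strings as each side's
    # TLS stack would export them. The second one stands for a different
    # TLS connection (e.g. a relay sitting between client and server).
    client_tls_unique = bytes(range(0x10, 0x1C))
    other_connection = bytes(range(0xA0, 0xAC))

    client_app = gs2_cb_application_data("p=tls-unique", "alice", client_tls_unique)
    return {
        "same_channel": server_accepts(client_app, "p=tls-unique", "alice",
                                       client_tls_unique),
        "relayed_channel": server_accepts(client_app, "p=tls-unique", "alice",
                                          other_connection),
    }


if __name__ == "__main__":
    print(gs2_header("p=tls-unique", "alice"))
    print(demo())
```

The point of the example is the data flow, not the byte layout: the TLS keys and the tls-unique value come entirely from the TLS handshake, and the EAP exchange only has to produce a channel-binding check over that value, so expiring the MSK does not by itself invalidate the TLS session the application is running over.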