>>>>> "Alper" == Alper Yegin <[email protected]> writes:
Alper> Furthermore, as we discussed in PCP WG there's another
Alper> problem. Sam is proposing to decouple EAP security
Alper> association management from the application state. More
Alper> specifically, even after the EAP session is released/timed
Alper> out, application may still be in use. What that means is, if
Alper> the server has an application message that is pending to be
Alper> transmitted to the client, and if at that time there's no
Alper> security association available (see above), then the server
Alper> needs to initiate re-authentication in order to re-generate a
Alper> security association and send the app message securely.

Hmm, that's not how I'd think about this at all.

I'd describe it as follows. In a peer-to-peer protocol, you sometimes
have messages you'd like to send to peers for which you have no security
state.

In that case you can either:

1) send an insecure message
2) establish security state.

The question of whether you previously had state with a peer seems a
needless complication.

Regardless, I don't think this issue has much to do with the EAP
applicability statement.
Similar issues show up all over the place with SIP, XMPP, etc.

--Sam
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab