Sam,
I suggested to replace "application" with "lower-layer" in your text and
Jim was against my suggestion. To continue the discussion, I asked a
question whether GSS EAP token carries a sequence number but it was not
answered yet. My point is that GSS-EAP solely cannot be considered as
an EAP lower layer unless GSS-EAP itself provides in-order delivery of
EAP message. For the same reason, IEEE 802.1X can be considered as an
EAP lower-layer only if 802.1X frame is carried over Ethernet or alike
media that provides in-order delivery of EAP message.
Yoshihiro Ohba
(2013/01/19 4:45), Sam Hartman wrote:
So, I was wondering what's up with the EAP applicability draft and why
we've not made more progress. I'm kind of glad I didn't ask the question
but instead went back to my notes, because I discovered that I dropped
the ball.
I already put forward some text on retransmission; Jim and Yoshi
provided edits and they were happy with that.
I don't think Alper was happy with the result; the chairs and editors of
EAP applicability will need to resolve who is in the rough there.
However, I also promised text on re-authentication.
Proposed text:
EAP lower layers MAY provide a mechanism for re-authentication to happen
within an existing session [RFC 3748]. Diameter standardizes a mechanism
fro an AAA server to request re-authentication [RFC
4005]. Re-authentication permits security associations to be updated
without establishing a new session. For network access, this can be
important because interrupting network access can disrupt connections
and media.
Some applications might not need re-authentication support. For example
if sessions are relatively short-lived or if sessions can be replaced
without significant disruption, re-authentication might not provide
value. Protocols like HypertextTransport Protocol (HTTP) and Simple
Mail Transport Protocol (SMTP) are examples of protocols where
establishing a new connection to update security associations is likely
to be sufficient.
Re-authentication is likely to be valuable if sessions or connections
are long-lived or if there is a significant cost to disrupting them.
Another factor may make re-authentication important. Some protocols only
permit one side of a connection (for example the client) to establish a
new connection. If another party in the protocol MAY need the security
association refreshed then re-authentication can provide a mechanism to
do so.
Lower layers SHOULD describe whether re-authentication is provided and
which parties can initiate it.
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
