#19: Method Chaining

> Section 3.3
>
> " Several circumstances are best addressed by using chained EAP
> methods. For example, it may be desirable to authenticate the user
> and also authenticate the device that he or she is using."
> This requirement can be met by support for cryptographic
> binding, without chaining of EAP methods. For example, the
> combination of TLS and an inner method can support
> user/device auth. Given that, why is support for chained
> methods a must, and not device/user auth support?
> and
> Section 4.6.2
>
> " The tunnel method MUST support the chaining of multiple
> EAP methods.
> The tunnel method MUST allow for the communication of intermediate
> result and verification of compound binding between executed inner
> methods when chained methods are employed.
> "
>
> Given that the basic use case (machine + user auth) doesn't
> require chaining of EAP methods, why is this a MUST?
>
--
Comment(by [email protected]):

In the Stockholm meeting there was indication that there were other mechanisms that could require chaining, such as posture checking. People seemed to favor changing from MUST to SHOULD.

--
Ticket URL: <http://trac.tools.ietf.org/wg/emu/trac/ticket/19#comment:1>
emu <http://tools.ietf.org/wg/emu/>
