On Feb 3, 2023, at 6:56 AM, Alexander Clouter <[email protected]> wrote:
> Another chunk of greyness (at least to me) is the server has sent a Result
> TLV (not intermediate) and then later after another method or chain of
> methods it is expected to send it again.
I would argue that Result TLV is final. The Intermediate-Result TLV is for
... intermediate results.
I'll take a pass and see if I can clean that up.
> Should we state somewhere that the client can "effectively rollback the
> entire inner state machine" so Result TLV is not final for the whole session?
>
> Should the client be able to do this multiple times?
I would say "no".
> On a related note, the document is littered with ('Result-TLV') and without
> the hyphen ('Result TLV') all over the place for this and other attributes.
>
> Makes Ctrl-F a bit of a pain... do we think we should fix this up? Personally I
> prefer *with* the hyphen so I can steer results towards statements about TLVs
> rather than stand-alone words.
I would prefer without the "-". The name of the thing is "Crypto-Binding".
The type of the thing is "TLV".
> I was thinking more:
>
> Identity-Hint = "bob" -->
>
> <-- EAP-Identity Request
>
> EAP-Identity Response = "not bob" -->
>
> <-- huh? wat?!
Yes, that's an issue. The simplest thing is to perhaps note that it's an
issue, and leave it as that.
>> For me it's also partly about not forbidding certain work flows.
>> Right now, "select auth based on identity" is either impossible, or
>> requires extra "oopsie" packet exchanges. That doesn't seem right.
>
> Reducing RTTs smells like something to resolve for TEAPv2?
That is a pretty good argument TBH.
Alan DeKok.
_______________________________________________
Emu mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/emu