I am the assigned Gen-ART reviewer for
draft-zhou-emu-fast-gtc-03.txt
For background on Gen-ART, please see the FAQ at
<http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html>.
Please resolve these comments along with any other Last Call comments
you may receive.
Summary: This draft is almost ready for publication as informational RFC
but I have a couple of comments.
Substantial
===========
* This method uses an ASCII null character '\0' to delimit the username
and the password. Given that the username can be in the RFC4282 NAI
format and the grammar allows for a '\0' to be part of the NAI, there
needs to be some clarifying text on what happens if there are other '\0'
characters in the response.
Minor
=====
* The draft does not specify what the client needs to do if the R flag
is set to 0 in the error case. e.g. Some text like this (I do not know
what the authors intended to do, so take this with a grain of salt) will
make things much clearer.
"When the server sets this flag to '0' the peer should not prompt the
user for new credentials to try again without restarting the EAP-FAST
authentication from the beginning"
Cheers
Suresh
_______________________________________________
Gen-art mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/gen-art
