Re: [abfab] Gen-ART review of draft-ietf-abfab-eapapplicability-03

2013-06-20 Thread Sam Hartman
I'm fine with this text. Either with eap-lower-layer as a MUST or the more complex version.

RE: [abfab] Gen-ART review of draft-ietf-abfab-eapapplicability-03

2013-06-20 Thread Black, David
, 2013 7:23 PM To: Black, David Cc: stefan.win...@restena.lu; General Area Review Team; ab...@ietf.org; ietf@ietf.org Subject: Re: [abfab] Gen-ART review of draft-ietf-abfab-eapapplicability-03 Thanks for the text, some revision to address On Jun 18, 2013, at 12:34 PM, Black, David david.bl

Re: [abfab] Gen-ART review of draft-ietf-abfab-eapapplicability-03

2013-06-19 Thread Joseph Salowey (jsalowey)
...@ietf.org; ietf@ietf.org Subject: Re: [abfab] Gen-ART review of draft-ietf-abfab-eapapplicability-03 I think we could state this a bit better as something like: In environments where EAP is used for applications authentication and network access authentication all

Re: [abfab] Gen-ART review of draft-ietf-abfab-eapapplicability-03

2013-06-18 Thread Sam Hartman
Black, == Black, David david.bl...@emc.com writes: Black, The next to last paragraph on p.3 begins with this sentence: Black,For these reasons, channel binding MUST be implemented by Black, peers, EAP servers and AAA servers in environments where EAP Black, authentication is

RE: [abfab] Gen-ART review of draft-ietf-abfab-eapapplicability-03

2013-06-18 Thread Black, David
Subject: Re: [abfab] Gen-ART review of draft-ietf-abfab-eapapplicability-03 Black, == Black, David david.bl...@emc.com writes: Black, The next to last paragraph on p.3 begins with this sentence: Black,For these reasons, channel binding MUST be implemented by Black, peers

Re: [abfab] Gen-ART review of draft-ietf-abfab-eapapplicability-03

2013-06-18 Thread Joseph Salowey (jsalowey)
On Jun 18, 2013, at 7:18 AM, Sam Hartman hartm...@painless-security.com wrote: Black, == Black, David david.bl...@emc.com writes: Black, The next to last paragraph on p.3 begins with this sentence: Black,For these reasons, channel binding MUST be implemented by Black,

Re: [abfab] Gen-ART review of draft-ietf-abfab-eapapplicability-03

2013-06-18 Thread Joseph Salowey (jsalowey)
I think we could state this a bit better as something like: In environments where EAP is used for applications authentication and network access authentication all EAP servers MUST understand channel bindings and require that application bindings MUST be present in application

Re: [abfab] Gen-ART review of draft-ietf-abfab-eapapplicability-03

2013-06-18 Thread Sam Hartman
Joe, eap-lower-layer is not required for application authentication if there's some other attribute that's specific to the lower layer. For example Moonshot sends gss-acceptor-service-name but does not currently send eap-lower-layer, and doing that seems consistent with the requirements of the

Re: [abfab] Gen-ART review of draft-ietf-abfab-eapapplicability-03

2013-06-18 Thread Joseph Salowey (jsalowey)
On Jun 18, 2013, at 11:39 AM, Sam Hartman hartm...@painless-security.com wrote: Joe, eap-lower-layer is not required for application authentication if there's some other attribute that's specific to the lower layer. For example Moonshot sends gss-acceptor-service-name but does not currently

RE: [abfab] Gen-ART review of draft-ietf-abfab-eapapplicability-03

2013-06-18 Thread Black, David
Team; ab...@ietf.org; ietf@ietf.org Subject: Re: [abfab] Gen-ART review of draft-ietf-abfab-eapapplicability-03 On Jun 18, 2013, at 7:18 AM, Sam Hartman hartm...@painless-security.com wrote: Black, == Black, David david.bl...@emc.com writes: Black, The next to last paragraph on p.3

RE: [abfab] Gen-ART review of draft-ietf-abfab-eapapplicability-03

2013-06-18 Thread Black, David
Area Review Team; ab...@ietf.org; ietf@ietf.org Subject: Re: [abfab] Gen-ART review of draft-ietf-abfab-eapapplicability-03 I think we could state this a bit better as something like: In environments where EAP is used for applications authentication and network access authentication