Hi Uri, I have a different view. Mandating generation of EMSK without having defined its usage *when it was introduced* seems not much different from not having defining it at all. It looks like selling a key without a lock, make the lock later and say "You MUST use this key and lock for your car." Make sense??
Yoshihiro Ohba On Fri, Nov 17, 2006 at 09:22:04AM -0500, Blumenthal, Uri wrote: > >The discussion focuses on the problem EMSK is optional or mandatory. > > I don't think this is a problem - GENERATION of EMSK is compulsoty as > spelled out in RFC 3578. > > The problem is non-compliance. Some, er, people seem to think "the > standard says do A, but since I don't use A at the moment - I won't > bother." > > >RFC3578 defined EMSK is mandatory, > > And that should be the end of discussion. > > > but it is not used at all. > > First - do you know all the applications that use key-generating EAP > methods? But really - who cares? > > >If EMSK must be used, it is mandatory. if no, I think, > >it may be better that it is optional. > > VERY strongly disagree. Mandatory is what is explicitly specified as > mandatory, period. Otherwise many would implement just those pieces and > features of the standard that his particular product needs today. > > (I'm proud of my restraint - not even once using a term "B*S*" :-) > _______________________________________________ > Hokeyp mailing list > [EMAIL PROTECTED] > http://www.opendiameter.org/mailman/listinfo/hokeyp > _______________________________________________ Emu mailing list [email protected] https://www1.ietf.org/mailman/listinfo/emu
