Forwarding to the EMU list which works on EAP methods.

Begin forwarded message:

> From: Robert Cragie <robert.cra...@gridmerge.com>
> Date: February 22, 2011 7:30:27 AM PST
> To: t...@ietf.org
> Subject: [TLS] Alert processing in RFC 5216
> Reply-To: robert.cra...@gridmerge.com
>
> I have a question about RFC 5216 (EAP-TLS) regarding the conversation
> illustrated on page 10 introduced by "In the case where the server
> authenticates to the peer successfully, but the peer fails to authenticate to
> the server, the conversation will appear as follows:". Shouldn't the
> conversation appear as follows, i.e. where the alert is sent from the server
> instead of the change_cipher_spec and finished from the server? This is
> because the server can tell at the point it receives the client's finished
> message that authentication has failed. Or am I missing something?
>
>    Authenticating Peer     Authenticator
>    -------------------     -------------
>                            <- EAP-Request/
>                            Identity
>    EAP-Response/
>    Identity (MyID) ->
>                            <- EAP-Request/
>                            EAP-Type=EAP-TLS
>                            (TLS Start)
>    EAP-Response/
>    EAP-Type=EAP-TLS
>    (TLS client_hello)->
>                            <- EAP-Request/
>                            EAP-Type=EAP-TLS
>                            (TLS server_hello,
>                             TLS certificate,
>                             [TLS server_key_exchange,]
>                             TLS certificate_request,
>                             TLS server_hello_done)
>
>    EAP-Response/
>    EAP-Type=EAP-TLS
>    (TLS certificate,
>     TLS client_key_exchange,
>     TLS certificate_verify,
>     TLS change_cipher_spec,
>     TLS finished) ->
>                            <- EAP-Request
>                            EAP-Type=EAP-TLS
>                            (TLS Alert message)
>    EAP-Response/
>    EAP-Type=EAP-TLS ->
>                            <- EAP-Failure
>                            (User Disconnected)
>
> Regards
>
> Robert