Hi all,
A few more comments:
1) Section "3.3.4.  Protected Termination and Acknowledged Result Indication"

   Except as noted below, the Crypto-Binding TLV MUST be
   exchanged and verified before the final Result TLV exchange,
   regardless of whether or not there is an inner EAP method
   authentication.  The Crypto-Binding TLV and Intermediate-Result TLV
   MUST be included to perform cryptographic binding after each
   successful authentication in a sequence of one or more inner
   authentications.

--This is confusing because it introduces another term, "inner authentication",
in addition to the two already used in the document, "inner method" and "inner
EAP method". Please note that there may be no real authentication at all, just
an unsuccessful inner EAP method negotiation or even just an exchange of Identity
Request/Response. Maybe we should take a very formal approach:
• Define "inner method" as something that is conducted in Phase 2
• Define two types of inner method, the inner EAP method (which starts with an
Identity Request, regardless of whether it performs authentication or not) and
basic password authentication, and treat them in the same way
• We should also consider the case where there is no inner method in Phase 2

The same applies to section "3.6. Error Handling, item #3", section "4.2.11.
Intermediate-Result TLV", and a few other places.

2) Nit: in Section "5.2.  Intermediate Compound Key Derivations", it looks like
the concatenation operator is escaped, while in the other places it is not:

IMCK[j] = TLS-PRF(S-IMCK[j-1],
                "Inner Methods Compound Keys" \|\|

3) Are we planning to address all errata items in this review cycle? Some
of them are not yet in.

Thanks
Oleg
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu