[Emu] Issue #19: Method Chaining

To: <emu at ietf.org>
Subject: [Emu] Issue #19: Method Chaining
From: "Joseph Salowey (jsalowey)" <jsalowey at cisco.com>
Date: Thu, 6 Aug 2009 12:43:50 -0700
Authentication-results: sj-dkim-4; header.From=jsalowey at cisco.com; dkim=pass ( sig from cisco.com/sjdkim4002 verified; );
Delivered-to: emu at core3.amsl.com
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; l=1354; t=1249587830; x=1250451830; c=relaxed/simple; s=sjdkim4002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=jsalowey at cisco.com; z=From:=20=22Joseph=20Salowey=20(jsalowey)=22=20<jsalowey at ci sco.com> |Subject:=20Issue=20#19=3A=20Method=20Chaining |Sender:=20; bh=8NyXRYV+3xrSlneN7bWF+I7/+OxvMVlzkzZ8o4CYD2M=; b=uNJPlta5Wn2Px7b64mDg+pvNSVK+ubg+4jtJ3qN0KnaG1UsnovNfuTPSow oj1HxIxPcde2AT2UztuRnkBEZviFSdJ+Fn6rDQ45ssd+om2v134a0ZbXFTS9 EVuIP+VKhS;
List-archive: <http://www.ietf.org/mail-archive/web/emu>
List-help: <mailto:emu-request@ietf.org?subject=help>
List-id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-post: <mailto:emu@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
Thread-index: AcoWzeZWWi30NxybRpW3/EmLFyyDdwAACnFQ
Thread-topic: Issue #19: Method Chaining

#19: Method Chaining

 > Section 3.3
 >
 > "  Several circumstances are best addressed by using chained EAP
 >    methods.  For example, it may be desirable to authenticate the
user
 >    and also authenticate the device that he or she is using."
 > This requirement can be met by support for cryptographic
 > binding, without chaining of EAP methods.  For example, the
 > combination of TLS and an inner method can support
 > user/device auth.  Given that, why is support for chained
 > methods a must, and not device/user auth support?
 >
 and
 > Section 4.6.2
 >
 > "   The tunnel method MUST support the chaining of multiple
 > EAP methods.
 >    The tunnel method MUST allow for the communication of intermediate
 >    result and verification of compound binding between executed inner
 >    methods when chained methods are employed.
 > "
 >
 > Given that the basic use case (machine + user auth) doesn't
 > require chaining of EAP methods, why is this a MUST?
 >

--

Comment(by jsalowey at cisco.com):

 In the Stockholm meeting there was indication that there were other
 mechanisms that could require chaining, such as posture checking.
People
 seemed to favor changing from MUST to SHOULD.

-- 
Ticket URL: <http://trac.tools.ietf.org/wg/emu/trac/ticket/19#comment:1>
emu <http://tools.ietf.org/wg/emu/>

Follow-Ups:
- Re: [Emu] Issue #19: Method Chaining
  - From: Joseph Salowey (jsalowey)

Prev by Date: [Emu] Issue #18: Internationalization
Next by Date: [Emu] Issue #20: Method Meta-Data
Previous by thread: [Emu] Issue #18: Internationalization
Next by thread: Re: [Emu] Issue #19: Method Chaining
Index(es):
- Date
- Thread

[Emu] Issue #19: Method Chaining

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.