Re: [Emu] Issue #19: Method Chaining

To: "Joseph Salowey (jsalowey)" <jsalowey at cisco.com>, <emu at ietf.org>
Subject: Re: [Emu] Issue #19: Method Chaining
From: "Joseph Salowey (jsalowey)" <jsalowey at cisco.com>
Date: Tue, 8 Sep 2009 19:06:40 -0700
Authentication-results: sj-dkim-1; header.From=jsalowey at cisco.com; dkim=pass ( sig from cisco.com/sjdkim1004 verified; );
Delivered-to: emu at core3.amsl.com
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; l=1963; t=1252462001; x=1253326001; c=relaxed/simple; s=sjdkim1004; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=jsalowey at cisco.com; z=From:=20=22Joseph=20Salowey=20(jsalowey)=22=20<jsalowey at ci sco.com> |Subject:=20RE=3A=20[Emu]=20Issue=20#19=3A=20Method=20Chain ing |Sender:=20; bh=9NPDX1jNcjuAdOFfRr/y75TH0AXlfcn5/SYlh8YVuY8=; b=GJgYjR4c3ehlr9bMq8Q0HWRaA3AjEDr7KD/aMBiaZqpYuUWxu4EcyYIogJ KKgKQamxGJiQj36GBqPRXjTrNgfMHboggEcuYzhZM1NPvQpoD3cjTmeW2l5g FqJzvfE7uMyJW+GTEc9NmJErNbtcfVfJOTCC8U2r0iEXZmoOs1vg0=;
In-reply-to: <AC1CFD94F59A264488DC2BEC3E890DE50883CEED at xmb-sjc-225.amer.cisco.com>
List-archive: <http://www.ietf.org/mail-archive/web/emu>
List-help: <mailto:emu-request@ietf.org?subject=help>
List-id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-post: <mailto:emu@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
References: <AC1CFD94F59A264488DC2BEC3E890DE50883CEED at xmb-sjc-225.amer.cisco.com>
Thread-index: AcoWzeZWWi30NxybRpW3/EmLFyyDdwAACnFQBoj/HsA=
Thread-topic: [Emu] Issue #19: Method Chaining

Any objection to changing MUST to SHOULD for method chaining?

Thanks,

Joe 

> -----Original Message-----
> From: emu-bounces at ietf.org [mailto:emu-bounces at ietf.org] On 
> Behalf Of Joseph Salowey (jsalowey)
> Sent: Thursday, August 06, 2009 12:44 PM
> To: emu at ietf.org
> Subject: [Emu] Issue #19: Method Chaining
> 
> #19: Method Chaining
> 
>  > Section 3.3
>  >
>  > "  Several circumstances are best addressed by using chained EAP
>  >    methods.  For example, it may be desirable to authenticate the
> user
>  >    and also authenticate the device that he or she is using."
>  > This requirement can be met by support for cryptographic  
> > binding, without chaining of EAP methods.  For example, the 
>  > combination of TLS and an inner method can support  > 
> user/device auth.  Given that, why is support for chained  > 
> methods a must, and not device/user auth support?
>  >
>  and
>  > Section 4.6.2
>  >
>  > "   The tunnel method MUST support the chaining of multiple
>  > EAP methods.
>  >    The tunnel method MUST allow for the communication of 
> intermediate
>  >    result and verification of compound binding between 
> executed inner
>  >    methods when chained methods are employed.
>  > "
>  >
>  > Given that the basic use case (machine + user auth) 
> doesn't  > require chaining of EAP methods, why is this a MUST?
>  >
> 
> --
> 
> Comment(by jsalowey at cisco.com):
> 
>  In the Stockholm meeting there was indication that there 
> were other  mechanisms that could require chaining, such as 
> posture checking.
> People
>  seemed to favor changing from MUST to SHOULD.
> 
> --
> Ticket URL: 
> <http://trac.tools.ietf.org/wg/emu/trac/ticket/19#comment:1>
> emu <http://tools.ietf.org/wg/emu/>
> 
> _______________________________________________
> Emu mailing list
> Emu at ietf.org
> https://www.ietf.org/mailman/listinfo/emu
>

References:
- [Emu] Issue #19: Method Chaining
  - From: Joseph Salowey (jsalowey)

Prev by Date: Re: [Emu] Issue #18: Internationalization
Next by Date: Re: [Emu] #18 Internationalization of error messages
Previous by thread: [Emu] Issue #19: Method Chaining
Next by thread: [Emu] Issue #20: Method Meta-Data
Index(es):
- Date
- Thread

Re: [Emu] Issue #19: Method Chaining

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.