eap-22----Page:6
1 2 3 4 5 6 7 8 9 10 11
|
80 - Success indications and policy Problem: Is satisfied policy enough or do we need a SUCCESS packet? Arguments: A SUCCESS packet might never come if its lost OTOH, alternative indications have already been discouraged If no sequences, then its easy to use method success indications Key synchronization may depend on SUCCESS Resolution: (1) Require a SUCCESS packet always Have to rerun if the SUCCESS packet is lost (2) Don’t require a SUCCESS packet Security effects? But SUCCESS packet’s aren’t authenticated anyway... (3) Require a SUCCESS packet unless you had an alternative success indication E.g. mutual authentication. Without sequences, there’d be no legal way to fail after this |