
Re: comments on draft-houseley-aaa-key-mgmt-07.txt

2007-02-17 10:41:32
Sam,

The problem of an entity in the middle giving disparate information to the peer and the server is in fact easier to solve than the problem Vidya summarized. The disparate information problem has been described in the EAP Keying Framework document and elsewhere too.

To my understanding, we are beyond that point in the discussion in HOKEY and considering the new case of the entity in the middle lying to both sides and attempting to get a key that another entity in the middle is supposed to get.

Let me put it this way: both issues are considered problems to address/solve in this case.

regards,
Lakshminath

Sam Hartman wrote:
Vidya, I found the model you proposed didn't fit what Dan was talking
about very well.  In particular, Dan wants to focus on problems
resulting from the fact that the name of the authenticator used
between the peer and the authenticator may be different than the name
of the authenticator used between the authenticator and the AAA
server.  That distinction did not figure prominently enough in your
argument that I could tell whether you and Dan are talking about the
same thing nor whether I could even tell if I agreed with you.  I'd
recommend refocusing your model on this distinction; I think once you
do we may well make significant progress on discussing a long-standing
issue.

--Sam


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf

