Hi Stefan,

> 3.1 Password Auth
> --------------------------
> 
> "support for minimal management tasks including password
> change". I fail to see why a management mechanism to *change*
> the password is needed *during* the authentication... ?

This is a desirable property IMHO. It's not unusual for directories to
employ policies that limit the use of credentials if they are about to
expire. If you can't log on to the network to change your credentials so
that you can log onto the network, you have a chicken-and-egg situation.

{EAP-}MSCHAP allows this, of course, so perhaps it doesn't need to be a
property of the outer-method providing that the outer-method doesn't
preclude the option.

> 3.8 Resource constrained Environments
> -------------------------------------
> 
> The document has the implicit requirement to use TLS for the 
> tunnel method, which is computationally intensive in itself. 
> A device which is able to establish a TLS tunnel apparently 
> has a decent amount of computational resources.

TLS is not itself a CPU-intensive protocol, although some of the cipher
suites are.

best regards, josh.

JANET(UK) is a trading name of The JNT Association, a company limited
by guarantee which is registered in England under No. 2881024 
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
