> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stefan Winter
> Sent: Tuesday, August 12, 2008 6:40 AM
> To: Josh Howlett
> Cc: emu@ietf.org
> Subject: Re: [Emu] Review of emu-eaptunnel-req-00, chunk 1
> 
> Hi,
> 
> > This is a desirable property IMHO. It's not unusual for directories to
> > employ policies that limit the use of credentials if they are about to
> > expire. If you can't log on to the network to change your credentials
> > so that you can log onto the network, you have a chicken-and-egg situation.
> >
> > {EAP-}MSCHAP allows this, of course, so perhaps it doesn't need to be
> > a property of the outer-method providing that the outer-method doesn't
> > preclude the option.
> >
> 
> The section in question states that the (outer) tunnel method 
> SHOULD provide support for it. Your reasoning is perfectly 
> fine for MS-CHAP in the *inner* auth. The outer method is not 
> supposed to interfere with the inner method's proceeding and 
> doesn't need to provide any special support.
> 
> The property of being able to change passwords within the 
> payload of the tunnel method is already expressed in section 
> 4.5.4 when it comes to dealing with legacy password databases 
> in the inner auth (where it belongs, IMHO). I'd suggest to 
> either mention it only in there, or to make sure in 3.1 that 
> any such management operation is not the tunnel method's "business".
> 
[Joe] OK I see your point.  We can clarify that it must support the inner
exchange that supports passwords.

> > TLS is not itself a CPU intensive protocol, although some of the 
> > cipher suites are.
> >   
> 
> Point taken. That does not make the para in the document much 
> more useful though IMHO.
> 
> Greetings,
> 
> Stefan
> 
> --
> Stefan WINTER
> Ingenieur de Recherche
> Fondation RESTENA - Réseau Téléinformatique de l'Education 
> Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi
> L-1359 Luxembourg
> 
> Tel: +352 424409 1
> Fax: +352 422473
> 
> _______________________________________________
> Emu mailing list
> Emu@ietf.org
> https://www.ietf.org/mailman/listinfo/emu
> 