> In my opinion, the document MUST give guidance for implementors and site
> administrators:
>
> * if resumption is used, the implementation MUST cache sufficient information
> for the system to make appropriate policy decisions on resumption

Maybe something about not relying on the outer identity to apply any kind of autz policies? Administrators may assume some kind of binding between the outer identity, the original session, and the resumed session, and assume it'll be consistent. In reality the user can provide any outer identity they like. I know this is covered by the above point, but I feel it's worth documenting this case explicitly.

> * resumption MUST be rejected if no cached information is available, as we
> have no idea what policies to apply

I'd argue if cached information is expected and none is available, resumption MUST be rejected. For the majority of cases the security policies applied to the different TLS based EAP methods will be identical.

I agree with the rest of the points.

-Arran

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
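
The resumption handling discussed in this message, as an added example that is not part of the original thread or of any EAP server's code. All class, field and parameter names are hypothetical, and the session IDs and identities are constructed sample values.

```python
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass(frozen=True)
class CachedSession:
    # Stored at full authentication, taken from the authenticated exchange.
    authenticated_identity: str
    policy: dict  # authorization attributes decided at full authentication


@dataclass(frozen=True)
class Decision:
    accept: bool
    reason: str
    identity: Optional[str] = None
    policy: Optional[dict] = None


class ResumptionPolicy:
    """Decide on a resumed TLS session using only server-side cached state."""

    def __init__(self, cache_expected: bool = True,
                 default_policy: Optional[dict] = None):
        self.cache_expected = cache_expected
        self.default_policy = default_policy
        self._cache: Dict[bytes, CachedSession] = {}

    def record_full_auth(self, session_id: bytes, entry: CachedSession) -> None:
        self._cache[session_id] = entry

    def decide(self, session_id: bytes, outer_identity: str) -> Decision:
        entry = self._cache.get(session_id)
        if entry is None:
            if self.cache_expected:
                # Nothing to base a policy decision on: refuse to resume,
                # so the peer has to complete a full authentication.
                return Decision(False, "no cached information for session")
            # Deployment applies one policy to every session of this kind.
            return Decision(True, "no per-session cache; default policy",
                            policy=self.default_policy)
        # outer_identity is chosen by the peer and is not bound to the
        # original session. It is deliberately not compared or used here;
        # identity and policy both come from the cache entry.
        return Decision(True, "resumed from cached session",
                        identity=entry.authenticated_identity,
                        policy=entry.policy)
```
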