Re: Optimizing Authentication - periodic re-authentication

[Rahman]

Hi, My only comment is we should be explicit about the action taken when we detect that the session has been compromised (no F received). Regards, Reshad. Sent from my iPhone On Jan 31, 2024, at 11:06 AM, Jeffrey Haas <jh...@pfrc.org> wrote: Reshad, On Jan 30, 2024, at 12:28 AM, Rahman <res...@yahoo.com> wrote: Jeff, good catch. We can document both ways, ie we can let implementations decide which of the 2 methods below they prefer? Or is the concern that this will cause a DISCUSS? Mahesh has proposed the fix for the next rev in this pull request: https://github.com/bfd-wg/optimized-auth/pull/19/files -- Jeff