Re: Optimizing Authentication - periodic re-authentication

2024-01-31 Thread Mahesh Jethanandani
Ok. Will add it as part of next update.

> On Jan 31, 2024, at 5:38 PM, Rahman wrote:
>
> Hi,
>
> My only comment is we should be explicit about the action taken when we
> detect that the session has been compromised (no F received).
>
> Regards,
> Reshad.
>
> Sent from my iPhone
>
>> On Jan

Re: Optimizing Authentication - periodic re-authentication

2024-01-31 Thread Rahman
Hi,

My only comment is we should be explicit about the action taken when we detect that the session has been compromised (no F received).

Regards,
Reshad.

Sent from my iPhone

On Jan 31, 2024, at 11:06 AM, Jeffrey Haas wrote:

Reshad,

On Jan 30, 2024, at 12:28 AM, Rahman wrote:

Jeff, goo

Re: Optimizing Authentication - periodic re-authentication

2024-01-31 Thread Jeffrey Haas
Reshad,

> On Jan 30, 2024, at 12:28 AM, Rahman wrote:
>
> Jeff, good catch.
>
> We can document both ways, i.e. we can let implementations decide which of the
> 2 methods below they prefer? Or is the concern that this will cause a DISCUSS?

Mahesh has proposed the fix for the next rev in this pu

Re: Optimizing Authentication - periodic re-authentication

2024-01-30 Thread Alan DeKok
On Jan 28, 2024, at 3:21 PM, Jeffrey Haas wrote:
> There's at least two possible ways to address this:
> 1. We simply don't worry about periodic re-auth for no-auth or NULL-auth.
> We thus don't protect against this attack. If you care about this attack,
> use Meticulous Keyed ISAAC and the attac

Re: Optimizing Authentication - periodic re-authentication

2024-01-29 Thread Rahman
Jeff, good catch.

We can document both ways, i.e. we can let implementations decide which of the 2 methods below they prefer? Or is the concern that this will cause a DISCUSS?

Regards,
Reshad.

Sent from my iPhone

> On Jan 28, 2024, at 12:21 PM, Jeffrey Haas wrote:
>
> Optimizing Auth Authors