> About section 3.6, it sounds fine. The authenticator "reclaim[ing]
> resources" is a bit unclear.
> Also, deleting the older key first does not read to me as the same as a
> LIFO queue, as the last key to be added is the newest one, and that's
> not the one that is thrown out first.
> Michaela
How about this?

"3.6. Key Cache Synchronization

Key lifetime negotiation alone cannot guarantee key cache synchronization. Even where a lower layer exchange is run immediately after EAP in order to determine the lifetime of EAP keying material, it is still possible for the authenticator to purge all or part of the key cache prematurely (e.g. due to reboot or the need to reclaim memory).

The lower layer may utilize the Discovery phase 0 to improve key cache synchronization. For example, if the authenticator manages the key cache by deleting the oldest key first, the relative creation time of the last key to be deleted could be advertised within the Discovery phase, enabling the peer to determine whether keying material had been prematurely expired from the authenticator key cache."
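The oldest-first cache and the Discovery-phase check proposed above, worked through as an added simulation. This is example code, not text from the draft or from either poster: the cache structure, the `last_deleted_created_at` advertisement field and the clock values are assumptions made for illustration. The peer's rule is the one the proposed text implies: with oldest-first deletion, any key created no later than the last deleted key must also be gone, so the peer's key survived only if its creation time is strictly later than the advertised one.

```python
"""Simulation of key-cache synchronization via a Discovery-phase advertisement.

Added example for the proposed section 3.6 text; not code from the EAP
keying draft or the mailing-list authors.  Field names and the relative
clock (plain floats) are assumptions for illustration only.
"""
from collections import OrderedDict
from dataclasses import dataclass


@dataclass
class CachedKey:
    key_id: str
    created_at: float   # authenticator-relative creation time (assumed clock)
    material: bytes


class AuthenticatorKeyCache:
    """Bounded key cache that always deletes the oldest key first."""

    def __init__(self, capacity):
        self.capacity = capacity
        self._keys = OrderedDict()          # insertion order == creation order
        self.last_deleted_created_at = None  # value advertised in Discovery phase 0

    def insert(self, key):
        # Make room by evicting the oldest entries, never the newest.
        while len(self._keys) >= self.capacity:
            self._evict_oldest()
        self._keys[key.key_id] = key

    def _evict_oldest(self):
        _, oldest = self._keys.popitem(last=False)
        self.last_deleted_created_at = oldest.created_at

    def purge(self, n):
        """Premature purge (e.g. to reclaim memory): drop the n oldest keys."""
        for _ in range(min(n, len(self._keys))):
            self._evict_oldest()

    def has(self, key_id):
        return key_id in self._keys

    def discovery_advertisement(self):
        """Hypothetical Discovery phase 0 field: creation time of the last deleted key."""
        return {"last_deleted_created_at": self.last_deleted_created_at}


def peer_key_still_cached(advertisement, peer_key_created_at):
    """Peer-side check.  Oldest-first deletion means every key created at or
    before the last deleted key is gone; only strictly newer keys can remain."""
    last = advertisement["last_deleted_created_at"]
    if last is None:
        return True   # nothing has been deleted yet (but see the reboot caveat)
    return peer_key_created_at > last


def simulate(capacity, total_keys, peer_key_index, purge_count):
    """Constructed scenario: install total_keys keys into a cache of the given
    capacity, purge purge_count more, then let the peer that owns key
    peer_key_index decide from the advertisement whether its key survived.
    Returns (peer's prediction, ground truth from the cache)."""
    cache = AuthenticatorKeyCache(capacity)
    keys = [CachedKey(f"k{i}", float(i), bytes([i]) * 4) for i in range(total_keys)]
    for k in keys:
        cache.insert(k)
    cache.purge(purge_count)
    peer_key = keys[peer_key_index]
    predicted = peer_key_still_cached(cache.discovery_advertisement(), peer_key.created_at)
    actual = cache.has(peer_key.key_id)
    return predicted, actual


if __name__ == "__main__":
    for idx in range(6):
        print(idx, simulate(capacity=4, total_keys=6, peer_key_index=idx, purge_count=1))
```

One caveat the simulation makes visible: a reboot that empties the cache has not "deleted" any key in the oldest-first sense, so the advertised field stays empty and the peer would wrongly conclude its key is still present. The advertisement covers the reclaim-memory case in the proposed text; the reboot case needs some other signal in the same Discovery phase.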
_________________________________________________________________
To unsubscribe or modify your subscription options, please visit:
http://lists.frascone.com/mailman/listinfo/eap
Archives: http://lists.frascone.com/pipermail/eap