> > Is the problem with the definition that it refers
to an "EAP
> > authentication
> > exchange", seeming to imply that once the
exchange has completed it is
>no
> > longer useful?
>
>Yes.
>
>Does it make sense to use "state" instead of
"exchange"?
A given peer and server could execute a number of EAP
authentication
exchanges each of which would have its own Session-Id. So
the Session-Id
uniqely identifies the product of a successful EAP
autentication (e.g. the
keying material exported from the method). Of course, if
the
authentication is unsuccessful, the keying material does not
exist, so even
though there still might be a Session-Id, there is no keying
material to
name.
> > > > Session-Id
> > > > The EAP Session-Id uniquely identifies
an EAP authentication
>exchange
> > > > between an EAP peer
> > > > (as identified by the Peer-Id) and
server (as identified by the
> > > > Server-Id). For more information, see
Section 1.4.
> > >
> > >Is the "session-id" good until the
EAP-Success/Failure exchange, or
>until
> > >the expiration of the MSK/EMSK? I think it is
the latter.
> >
>
>
____________________________________________________________
_____
To unsubscribe or modify your subscription options, please
visit:
http:/
/lists.frascone.com/mailman/listinfo/eap
Arhives: http://lists.
frascone.com/pipermail/eap
|