Some technical comments on the document. Overall, I noticed that two important capabilities are not currently supported:

1. Support for identity privacy. Currently the specification does not support this, which could be a concern, particularly in Europe. Privacy implies the negotiation of a secure channel prior to the EAP method-specific identity exchange. In the case of EAP-PWD, addressing this would seem to imply the need to do two key exchanges, which leads to another issue:

2. Fast reconnect. The protocol as currently designed does not support fast reconnect, the ability to reauthenticate using an exchange that is faster and computationally lighter weight. Where the administrative domain contains a substantial number of users, the existing specification could impose a heavy computational load on the server, requiring acceleration hardware, as well as imposing substantial delays on embedded clients. This would be particularly apparent in situations where privacy is desired, which could potentially double the computational load. One way to address this (at the expense of PFS) would be to support fast reconnect, where the previously negotiated master key is refreshed via an exchange of nonces, and mutual proof of possession is demonstrated. An example of this approach is the session resume functionality in TLS.
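As an added illustration (not from the message above and not anything the EAP-PWD draft defines), the following Python sketch models the fast-reconnect shape the message describes: both sides retain a master key from an earlier full exchange, trade fresh nonces, derive a refreshed session key from the master key and the nonces, and each proves possession with a MAC over the transcript. The function names, the three-message layout and the HMAC-SHA256 derivation are assumptions; the comments also spell out why this trades away PFS.

```python
import hashlib
import hmac
import os

# Constructed sketch of a nonce-based fast reconnect. Names, message layout and
# the HMAC-SHA256 derivation are assumptions, not part of any EAP method.

def refresh_key(master_key: bytes, nonce_peer: bytes, nonce_server: bytes) -> bytes:
    """Derive a fresh session key from the retained master key and both nonces.
    Only master_key is secret: anyone who later learns it can recompute every
    session key from the recorded nonces, which is the PFS trade-off."""
    return hmac.new(master_key, b"fast-reconnect" + nonce_peer + nonce_server,
                    hashlib.sha256).digest()

def proof(session_key: bytes, role: bytes, nonce_peer: bytes, nonce_server: bytes) -> bytes:
    """Proof of possession: a MAC over a role label and both nonces, keyed with the
    refreshed session key. The role label keeps a reflected proof from verifying."""
    return hmac.new(session_key, role + nonce_peer + nonce_server, hashlib.sha256).digest()

def fast_reconnect(peer_master: bytes, server_master: bytes,
                   nonce_peer=None, nonce_server=None):
    """Run the three-message exchange in-process. Returns (success, session_key).
    Each side uses only its own copy of the master key; nonces default to random."""
    if nonce_peer is None:
        nonce_peer = os.urandom(32)
    if nonce_server is None:
        nonce_server = os.urandom(32)
    # Message 1, peer -> server: nonce_peer.
    # Message 2, server -> peer: nonce_server plus the server's proof.
    server_key = refresh_key(server_master, nonce_peer, nonce_server)
    server_proof = proof(server_key, b"server", nonce_peer, nonce_server)
    # Peer derives its own copy and checks the server proof in constant time.
    peer_key = refresh_key(peer_master, nonce_peer, nonce_server)
    if not hmac.compare_digest(server_proof, proof(peer_key, b"server", nonce_peer, nonce_server)):
        return False, None  # server does not hold the same master key
    # Message 3, peer -> server: the peer's proof, checked the same way.
    peer_proof = proof(peer_key, b"peer", nonce_peer, nonce_server)
    if not hmac.compare_digest(peer_proof, proof(server_key, b"peer", nonce_peer, nonce_server)):
        return False, None  # peer does not hold the same master key
    return True, peer_key

if __name__ == "__main__":
    mk = os.urandom(32)  # constructed master key standing in for a prior full exchange
    ok, key = fast_reconnect(mk, mk)
    print("reconnect ok:", ok, "| session key differs from master key:", key != mk)
    print("mismatched master key rejected:", fast_reconnect(mk, os.urandom(32))[0] is False)
```

The whole exchange costs a handful of HMAC computations rather than a second password-authenticated key exchange, which is the load reduction the message argues for; the cost is that compromise of the retained master key exposes every refreshed session key.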