Mercurial > hg > ietf
changeset 12:ece18f20b72c
Update to latest
| author | Sebastien Decugis <sdecugis@nict.go.jp> |
|---|---|
| date | Wed, 18 Mar 2009 14:14:49 +0900 |
| parents | c8dd0bdbd9e6 |
| children | 1c2d1b7327af |
| files | New_ERP_draft.txt |
| diffstat | 1 files changed, 28 insertions(+), 18 deletions(-) [+] |
line wrap: on
line diff
--- a/New_ERP_draft.txt Wed Mar 18 14:16:22 2009 +0900 +++ b/New_ERP_draft.txt Wed Mar 18 14:14:49 2009 +0900 @@ -1,6 +1,11 @@ ===================== +changeset: 11:c8dd0bdbd9e6 +tag: tip +user: Sebastien Decugis <sdecugis@nict.go.jp> +date: Wed Mar 18 14:16:22 2009 +0900 +summary: More cleanups. + changeset: 9:5fdd3345477f -tag: tip user: Sebastien Decugis <sdecugis@nict.go.jp> date: Wed Mar 18 14:06:05 2009 +0900 summary: Cleanups. @@ -22,6 +27,7 @@ summary: Document to present alternative design for Diameter ERP, initial commit (incomplete work) ===================== + *Abstract* The EAP Re-authentication Protocol [RFC5296] provides an optimization for EAP @@ -120,11 +126,13 @@ deployed as well. See the following sections for more details about bootstrapping scenarii. - - Peer Authenticator ER server - ==== ============= (bootstrapped) - [ <------------------------ ] (local or home domain) - [optional EAP-Initiate/Re-auth-start] ====================== + ER server + (bootstrapped) + Peer Authenticator (local or home domain) + + ==== ============= ====================== + [ <------------------------ ] + [optional EAP-Initiate/Re-auth-start] -----------------------> EAP-Initiate/Re-auth @@ -152,6 +160,7 @@ DSRK, itself derived from EMSK) when the ER server is in the visited domain. + *Scenario 1: explicit bootstrapping* As described in [RFC5296], an explicit bootstrapping exchange can be initiated @@ -199,22 +208,22 @@ Authenticator ER server Home EAP server ============= ========= =============== -----------------------> - ERP/DER - (EAP-Initiate) + Diameter ERP/DER + (EAP-Initiate) ------------------------> - EAP/DER + Diameter EAP/DER (EAP-Initiate) (ERP-RK-Request) <------------------------ - EAP/DEA + Diameter EAP/DEA (EAP-Finish) (ERP-RK-Answer) (rMSK) <---------------------- - ERP/DEA - (EAP-Finish) - (rMSK) + Diameter ERP/DEA + (EAP-Finish) + (rMSK) Figure 3. ERP explicit bootstrapping message flow. @@ -251,23 +260,23 @@ Authenticator ER server Home EAP server ============= =========== =============== -------------------------> - EAP/DER + Diameter EAP/DER (EAP-Response) -------------------------> - EAP/DER + Diameter EAP/DER (EAP-Response) (ERP-RK-Request) <==================================================> - Multi-round EAP exchanges, unmodified + Multi-round Diameter EAP exchanges, unmodified <------------------------- - EAP/DEA + Diameter EAP/DEA (EAP-Success) (MSK) (ERP-RK-Answer) <------------------------- - EAP/DEA + Diameter EAP/DEA (EAP-Success) (MSK) @@ -280,6 +289,7 @@ {TODO: study this case ?} + *Scenario 5: Other possibilities* {In case implementation-specific solution is retained, list here the