
Xauth Transaction Identifier



Hi, Stephane:

Thank you in advance for answering my following questions about
your xauth draft (Oct. 2000).

1. In Section 6, it says:
    "All ISAKMP-Config messages in an extended authentication transaction
     MUST contain the same ISAKMP-Config transaction identifier."

Does it mean that a single "identifier" value shall be used in the whole
xauth transaction?

Then if the whole xauth exchange looks like:
	Request -->
		 <--  Reply
	Request -->
		 <--  Reply
	Set	 -->
		 <--  Ack

Only one id value will be used no matter how many pairs of messages
(Request/Reply, Set/Ack)?

2. What is the starting value for this "identifier" ? 
Is it always incremented by 1 ?
What will be the cases to use different identifier values ?

3. Should we change the identifier value for the "authentication failure
retry", or even the re-authentication phase (per RADIUS, as described in
section 6)?

In addition, have you thought about how to support "password change", which
can be initiated by the end host or even the edge device ?

Thanks again for your advice.

Leemay Yen
RapidStream, Inc.
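
The Section 6 rule quoted above, written as a receiver-side check over the six-message exchange from the question. This is an added example, not part of the original message or of the draft; the attribute payload header layout (type in byte 4, 16-bit identifier in bytes 6-7) and the type codes are assumed from the ISAKMP-Config draft, and the function names and identifier values are constructed for illustration.

```python
import struct

# ISAKMP-Config attribute payload types (assumed from the ISAKMP-Config draft).
CFG_TYPES = {1: "REQUEST", 2: "REPLY", 3: "SET", 4: "ACK"}
# next payload, reserved, payload length, type, reserved, identifier
HEADER = struct.Struct("!BBHBBH")


def build_cfg_payload(cfg_type, identifier, attributes=b""):
    """Build a constructed attribute payload for the samples below."""
    length = HEADER.size + len(attributes)
    return HEADER.pack(0, 0, length, cfg_type, 0, identifier) + attributes


def parse_cfg_header(payload):
    """Return (type name, identifier); reject truncated or malformed payloads."""
    if len(payload) < HEADER.size:
        raise ValueError("payload shorter than attribute payload header")
    _np, _r1, length, cfg_type, _r2, identifier = HEADER.unpack_from(payload)
    if length != len(payload):
        raise ValueError("payload length field does not match data")
    if cfg_type not in CFG_TYPES:
        raise ValueError(f"unknown ISAKMP-Config type {cfg_type}")
    return CFG_TYPES[cfg_type], identifier


def check_transaction(payloads):
    """Return (index, type, identifier) for each message whose identifier
    differs from the one carried by the first message of the transaction."""
    violations = []
    expected = None
    for index, payload in enumerate(payloads):
        name, identifier = parse_cfg_header(payload)
        if expected is None:
            expected = identifier
        elif identifier != expected:
            violations.append((index, name, identifier))
    return violations


# Constructed samples: Request, Reply, Request, Reply, Set, Ack.
EXCHANGE = [1, 2, 1, 2, 3, 4]
consistent = [build_cfg_payload(t, 0x1234) for t in EXCHANGE]
# Same exchange, but the Set/Ack pair switches to a different identifier.
mixed = consistent[:4] + [build_cfg_payload(3, 0x1235), build_cfg_payload(4, 0x1235)]

if __name__ == "__main__":
    print(check_transaction(consistent))
    print(check_transaction(mixed))
```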