Re: [HOKEY] Last Call: draft-ietf-hokey-erx (EAP Extensions for EAP Re-authentication Protocol (ERP)) to Proposed Standard

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 1/31/2008 6:23 AM, Yoshihiro Ohba wrote:
On Wed, Jan 30, 2008 at 10:53:25PM -0800, Lakshminath Dondeti wrote:
   ... hence the
   authenticator initiation of the ERP exchange may require the
   authenticator to send both the EAP-Request/Identity and EAP-Initiate/
   Re-auth-Start messages.
Yes.
  Have existing EAP peer implementations been validated to work under
these assumptions?  i.e. will they break?  Will they see "unexpected"
EAP messages or content, and reject or discard the response?
Kedar noted from his implementation experience and it worked with
hostap/wpa_supplicant.
Shouldn't compliant implementations discard EAP messages with unknown codes?

I am rather concerned with authenticator behavior.  Since EAP is
designed as a lock-step protocol which only supports a single packet
in flight, allowing two outstanding requests breaks one basic design
principle of EAP.  In order to allow two outstanding requests, I would
expect significant modifications to EAP state machines described in
RFC 4137, and such modifications should be described in ERP document.

Hi Yoshi,

We have had these discussions in the WG. The consensus was that there may be a notion of an ERP state machine and it interacts with the EAP state machine.

regards,
Lakshminath


Yoshihiro Ohba


_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]