> A tunnel method draft has been submitted:
>
> http://tools.ietf.org/id/draft-salowey-emu-eaptunnel-req-01.txt
>
> A separate call for consensus will be issued for this document.

RFC3748 (section 2.1) states:

   However, the peer
   and authenticator MUST utilize only one authentication method (Type 4
   or greater) within an EAP conversation, after which the authenticator
   MUST send a Success or Failure packet.

Am I correct in understanding that section 3.3 ('Chained EAP Methods')
is not a violation of RFC3748 because it only applies to methods run
*within* the tunnel method itself, and not to other methods that might
precede or follow the tunnel method? In other words, this is not an
attempt to change the behaviour stipulated in RFC3748?

From the same section:

   However,
   chained EAP methods from different conversations can be re-directed
   into the same conversation by an attacker giving the authenticator
   the impression...

At the risk of appearing pedantic, would it be more accurate to say 'EAP
server' rather than 'authenticator'?
josh.