Jari Arkko wrote:
Speaking as an individual, I'm fine with this. It is important to
document the EAP methods as they actually exist in wide deployment.
That being said, we should also recognize the problems that codepoint
overloading causes (even if the overloading issues are somewhat
mitigated by the context ie tunnel in this case).
And we should definitely NOT follow the same type of overloading in
future work. Obviously not in IETF work, but I also hope that the main
vendors have gotten the message that it is a bad idea.
Jari
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
While I strongly disagree with overloading of EAP types, I have to agree
with Jari. I would like to see the IETF take a strong stance on not
allowing overloading of EAP types in the future. However, at this point
there are probably too many implementations to try to change, so it
seems documentation of existing behavior may be the only reasonable
course of action.
That said, I would still like to see the provisioning document call out
the security issues related to the use of anonymous provisioning.
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
