[EMU copied for EAP input] Here in ABFAB, we're designing a new EAP lower layer for applications to use for authentication. We're using the GSS-API (RFC 2743) as our application integration point.
Currently, our lower layer is kind of chatty. The peer sends a first message that roughly says "Hi, I'd like to authenticate." Then the authenticator sends an identity request EAP message. Then the peer sends an identity response. Then the authenticator (probably after an AAA interaction) responds with the first EAP method message.

As best we can tell that round trip is unneeded. We could instead include an unsolicited identity response in our first message from the peer to authenticator and get a request with an EAP method message from the first message from the authenticator.

We can't see any downside of this. There seems to be nothing in the identity request. We already have another approach for "network selection." If you want to know who your authenticator is in order to decide on an identity, we have a lower-layer-specific mechanism for that.

I'd appreciate any comments. From ABFAB participants, do we want to make this optimization? From EMU participants, are we missing anything?