I found two that I forgot to include in the last message.

1. When exporting the user-id, does there need to be a way to distinguish at export time between the different types of ids that are authenticated by the server? This does not seem to be an issue on the peer, as it will only do mutual authentication to servers and thus only have server ids; however, a server may authenticate to different types of identities on the peer. At the moment we have identified users and machines as types of entities to be identified; I suppose in the future we could add Ewoks as a different type of entity that could be identified. However, the export function of user-ids does not make a distinction between the different types of authenticated entities. Should it do so, or should it just export user authentications?

2. Is there a map of TLVs that should not be sent together or need to be processed in a specific order? The case I was looking at was for the Identity TLV and the EAP TLV. Is there a difference in how a peer should react for the following?

Identity TLV (Send me a machine Identity), EAP TLV (Start the EAP type XX)

EAP TLV (Start EAP type XXX), Identity TLV (Send me a machine Identity)

Or should these two TLVs never occur in a single message?

Jim

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu