[Emu] EAP and Fragmentation

Tue, 12 Feb 2019 09:37:56 -0800 

Hi all,
I am working on a draft for credentials management via EAP. When looking at the different specifications, it seems a bit weird that EAP does not provide Fragmentation control and requires each method to define their own way. 


/*This, led me to my first question:*/ is there a de-facto "standard" 
way to add Fragmentation support we can just use (without having to 
re-invent the wheel all the time) ? If we had such a mechanism, then we 
could just say "implement the mechanism as defined in ... ". This would 
definitely help developers that could safely re-use code/libraries. The 
other approach would be to modify EAP to add Fragmentation support 
there. The main reason to have a standard behavior is to have also 
better management for ack and nak packets. As far as the solution goes, 
the main ones I looked at are the ones mentioned in EAP-TTLS and 
EAP-TEAP. They are both practically the same, active ACK-based - are 
there other methods that have been implemented ? Has anybody ever looked 
at how fragmentation is handled in practice and if there are better 
solutions than others ?



/*Further thinking let me to my second question:*/ the method we are 
going to propose requires some form of authentication for the server, 
therefore I can see its use mainly as a tunneled method where the 
communication with the server is assumed to be already secure. If we go 
down the route of requiring the use of an outer method that provides 
authenticity and, optionally, confidentiality we would also not need to 
provide support for Fragmentation control, since the records would be 
encapsulated within the outer-method messages that already provide 
fragmentation support. Would this be acceptable ? Or should the method 
not have such assumptions and provide support for explicit fragmentation 
control ? What would be the preferred path here ? I personally would 
like to have a method that could be used independently, but I would also 
like to focus on simplicity of implementation so that if you already 
have EAP-TTLS/EAP-TEAP support, adding support for EAP-CREDS would be 
very simple.



Looking forward to some great guidance and advice :D Also, if you would 
like to collaborate/contribute, please let me know!


--
Best Regards,
Massimiliano Pala, Ph.D.
OpenCA Labs Director
OpenCA Logo

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu






















					Reply via email to