Hello, I think SASL over EAP would be useful. Would it be in scope for EMU?
SASL is normally used for applications, while EAP authenticates networks. However, with VPNs these uses get mixed. We're making a few other changes to SASL that line up with this: - Diameter embedding of SASL tokens - A SASL mech "SXOVER" to support authentication of foreign realms An interesting usecase for EAP-SASL with all this would be WiFi and LAN authentication (EAPOL or 802.1x) passed over Diameter to *any* domain on the Internet, and receiving back tunnel information. Clients would be tunneled to their own network/IP/routing and it would be easier for public access providers to offer full networking without worry about the behaviour it outputs over their IP range. This may in fact be a path for your purpose of out-of-band based authentication; SASL mechanisms could use such extensions too and SXOVER might help to protect the general mechanism. Before this group existed I wrote a spec for EAP-SASL, is it worthwhile to continue, and how/what do you advise? https://www.ietf.org/archive/id/draft-vanrein-eap-sasl-00.txt The other work is progressing in https://tools.ietf.org/html/draft-vanrein-diameter-sasl-03 Looking forward to the EMU opinions, Kind regards, Rick van Rein InternetWide.org _______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
