Hi all,

A few initial comments:

1) Section "3.3.1. EAP Sequences"

It says "Upon completion of each EAP method in the tunnel, the server MUST send an Intermediate-Result TLV...". We have discussed previously that:

a) EAP RFC 3748 also calls EAP types 1..3 "EAP methods":

    6.2. Method Types

    The original EAP method Type space has a range from 1 to 255, and is the scarcest resource in EAP, and thus must be allocated with care. Method Types 1-45 have been allocated...

b) However, after EAP method types 1..3 we should not send Intermediate-Result TLV.

Thus we considered in one of the previous discussions to say in Section 3.3.1 of TEAP "Upon completion of each EAP __authentication__ method in the tunnel, the server MUST send an Intermediate-Result TLV...". And then "EAP authentication method is EAP type 4 or greater".

There are a few more places in the TEAP draft where the same "EAP authentication method" substitution may be required instead of "EAP method".

2) Regarding using both password authentication and an EAP authentication method inside the same TEAP tunnel - should we merge the explanation of what to do after completion of each EAP authentication method and password authentication into a common section, since the completion is the same?

3) If we explicitly mention that password authentication can be used for pin operations and thus multiple round trips are supported - should we also allow passing user prompt and other pin related things?

4) Since multiple roundtrips of password authentication are allowed - we should specify what exactly to consider a "completion" of it, since it induces the finalization flow.

5) Regarding "3.3.3. EAP-MSCHAPv2"

I would suggest explicitly mentioning the document where the EAP-MSCHAPv2 MSK 16-octet blocks order is defined (the order that is different from EAP-FAST-MSCHAPv2). We should also mention that in PEAP and maybe some other protocols the original (non EAP-FAST-MSCHAPv2) order is used.

The next portion of the comments is coming soon...

Thanks
Oleg
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu