On Sat, 31 Dec 2022, at 17:14, Oleg Pekar wrote:
> Few initial comments:
>
> [snipped EAP sequences scene setting]
>
> Thus we considered in one of the previous discussions to say in Section 3.3.1
> of TEAP "Upon completion of each EAP __authentication__ method in the tunnel,
> the server MUST
On Thu, 1 Dec 2022, at 13:44, Eliot Lear wrote:
> The proposed change is as follows:
>
>
>
>> 4.2.13. Crypto-Binding TLV
>>
>> The Crypto-Binding TLV is used to prove that both the peer and server
>> participated in the tunnel establishment and sequence of authentications. It
>> also provides
>> 1) Section "3.3.1. EAP Sequences"
>> It says "Upon completion of each EAP method in the tunnel, the server
>> MUST send an Intermediate-Result TLV...". We have discussed previously that:
>> a) EAP RFC 3748 calls EAP types 1..3 also "EAP methods":
> This is addressed with discussion in commit
https:
After implementing EAP-FAST and TEAP, I see a big value in simplifying the
protocol state machine. If we draw a state machine diagram and it can be
placed on a relatively small piece of [virtual] paper and clearly readable
- it is much better for the implementers. Thus I would vote for keeping a
co
On Jan 2, 2023, at 5:16 AM, Alexander Clouter wrote:
> I flagged earlier how EAP sequences are very poorly defined in general for
> any EAP method and for TEAP it is no different. I would like to see some
> language to help steer implementers in the right direction.
Very much so, yes.
> To i
On Mon, 2 Jan 2023, at 20:15, Alan DeKok wrote:
>> Appendix C.6 (Sequence of EAP Methods) will need to be updated to show this
>> too.
>
> The text has this, which seems sufficient:
>
> <- EAP-Request/
> EAP-Type=TEAP, V=1
>
On Jan 2, 2023, at 10:07 AM, Oleg Pekar wrote:
> [Oleg] I agree that this is a low priority remark, I just want to be sure
> that we don't leave any ambiguity here. The RFC 7170 implicitly says that
> after the peer replies with inner EAP Identity Response, and the server, for
> example, doesn'
On Jan 2, 2023, at 3:45 PM, Alexander Clouter wrote:
> It shows it for the *first* method but not subsequent methods.
Ah.
And it doesn't show the inner EAP authentication method finishing with EAP
Success or EAP Failure.
> For later methods it shows:
>
> <- Inter