Jim,

> 1. What is the assumption that EAP uses when being transported over
> RADIUS/DIAMETER. Specifically does it make the assumption that the transport
> is reliable and thus no retries ever need to be made.

No; check out section 2.3 of RFC3579: "As noted in [RFC2284], if an EAP packet is lost in transit between the authenticating peer and the NAS (or vice versa), the NAS will retransmit." I'm not sufficiently familiar with Diameter to comment, but I hope that someone who is will be able to chip in...

> 2. What are the trade-offs when running the server as an EAP
> pass-through service versus as a tunnel. Specifically what are the
> security and functionality requirements that are imposed. Two issues
> that I can think of are 1) is the EAP data masked from the server and 2)
> if the host protocol is not reliable, does the pass-through service need
> to provide the retry service.

I'm not sure what you mean by tunnel in this context; could you clarify please?

> 3. It would do well to re-state the requirements from GSSAPI in the
> document - specifically that it is required that the host protocol provide a
> reliable service that will deliver items to GSSAPI in order. This means
> that an underlying protocol that wants to use UDP for some reason will
> have additional requirements placed on it that are not there for a TCP
> based service.

I have no problem with that.

> 4. Can a host protocol be written as a pure query/response system or
> does it need to support full bi-directional, full duplex functionality.
> Specifically are there any requirements from ABFAB itself (say from EAP)
> that make it impossible to run as a query/response system.

Not that I can think of.

> For example, if an EAP server needs to do a re-try and generates a
> message to be sent down, can this occur?

I'm not sure what you mean by a "re-try"? Do you mean a re-transmission following an assumed packet loss? Or some kind of unsolicited message?

> Is this going to be allowed by Radius/Diameter? Is it an issue for the
> host protocol to understand.

Regretfully I'm not sure what you mean. Do you have a specific use-case or requirement in mind that we can work through?

Josh.
JANET(UK) is a trading name of The JNT Association, a company limited by guarantee which is registered in England under No. 2881024 and whose Registered Office is at Lumen House, Library Avenue, Harwell Oxford, Didcot, Oxfordshire. OX11 0SG

_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
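The point Josh makes from RFC 3579 section 2.3 (the NAS, not the EAP server or the AAA transport, retransmits a lost EAP packet) is easy to see in a small model. The following is an added example written for this page; it is not code from the abfab thread, from RFC 3579/3748, or from any implementation. Only the EAP header layout (one-byte Code, one-byte Identifier, two-byte Length, then Data, per RFC 3748) is taken from the standard; the lossy link, its drop pattern, the retransmission limit, the sample identity and the peer's behaviour of answering every Request it sees, duplicates included, are constructed modelling assumptions for the illustration.

```python
"""Model of EAP retransmission by the NAS (authenticator) over a lossy path.

Added example for this page, not code from the abfab thread or any project.
Assumed/constructed: LossyLink and its drop pattern, max_retransmits, the
sample identity, and the peer answering every Request (duplicates included).
Only the EAP header layout (Code, Identifier, Length; RFC 3748) is standard."""
import struct

EAP_REQUEST = 1
EAP_RESPONSE = 2
EAP_TYPE_IDENTITY = 1
EAP_HEADER = struct.Struct("!BBH")  # Code, Identifier, Length (network byte order)


def encode_eap(code: int, identifier: int, data: bytes = b"") -> bytes:
    """Build an EAP packet; Length covers the 4-byte header plus Data."""
    return EAP_HEADER.pack(code, identifier, EAP_HEADER.size + len(data)) + data


def decode_eap(pkt: bytes):
    """Parse an EAP packet, rejecting short packets and inconsistent Length fields."""
    if len(pkt) < EAP_HEADER.size:
        raise ValueError("EAP packet shorter than header")
    code, identifier, length = EAP_HEADER.unpack_from(pkt)
    if length < EAP_HEADER.size or length > len(pkt):
        raise ValueError("EAP Length field inconsistent with packet size")
    return code, identifier, pkt[EAP_HEADER.size:length]


class LossyLink:
    """Constructed unreliable path: drops packets according to a fixed pattern."""

    def __init__(self, drop_pattern):
        self.drops = list(drop_pattern)  # True = drop the next packet offered
        self.dropped = 0

    def deliver(self, pkt: bytes):
        drop = self.drops.pop(0) if self.drops else False
        if drop:
            self.dropped += 1
            return None
        return pkt


class Peer:
    """EAP peer: answers each Request with a Response carrying the same Identifier,
    so a retransmitted (duplicate) Request simply gets the Response again."""

    def __init__(self, identity: bytes):
        self.identity = identity
        self.requests_seen = 0

    def handle(self, pkt: bytes):
        code, identifier, _ = decode_eap(pkt)
        if code != EAP_REQUEST:
            return None  # a peer only answers Requests
        self.requests_seen += 1
        return encode_eap(EAP_RESPONSE, identifier, bytes([EAP_TYPE_IDENTITY]) + self.identity)


class NAS:
    """Authenticator: sends a Request and, on (simulated) timeout, retransmits the
    same packet, reusing the Identifier so the peer's Response can be matched."""

    def __init__(self, link: LossyLink, peer: Peer, max_retransmits: int = 3):
        self.link, self.peer, self.max_retransmits = link, peer, max_retransmits
        self.next_identifier = 0
        self.retransmits = 0
        self.sent = []  # every Request put on the wire, retransmissions included

    def request(self, data: bytes) -> bytes:
        identifier = self.next_identifier
        self.next_identifier = (identifier + 1) % 256
        pkt = encode_eap(EAP_REQUEST, identifier, data)
        for attempt in range(self.max_retransmits + 1):
            if attempt:
                self.retransmits += 1  # no Response arrived: timer fired, resend unchanged
            self.sent.append(pkt)
            delivered = self.link.deliver(pkt)
            if delivered is None:
                continue
            reply = self.peer.handle(delivered)
            if reply is not None:
                reply = self.link.deliver(reply)  # the Response can be lost as well
            if reply is None:
                continue
            code, reply_identifier, payload = decode_eap(reply)
            if code == EAP_RESPONSE and reply_identifier == identifier:
                return payload
        raise TimeoutError(f"no Response to Identifier {identifier} "
                           f"after {self.max_retransmits} retransmissions")


def run_identity_exchange(drop_pattern, max_retransmits: int = 3):
    """Run one Identity Request/Response over a constructed lossy link.
    Returns (response payload, NAS, Peer) so the counters can be inspected."""
    link = LossyLink(drop_pattern)
    peer = Peer(b"user@example.org")  # constructed sample identity
    nas = NAS(link, peer, max_retransmits)
    payload = nas.request(bytes([EAP_TYPE_IDENTITY]))
    return payload, nas, peer


if __name__ == "__main__":
    payload, nas, peer = run_identity_exchange([True, True, False])
    print(f"identity={payload[1:]!r} retransmits={nas.retransmits} "
          f"requests_seen={peer.requests_seen} dropped={nas.link.dropped}")
```

Running the exchange with the first two Requests dropped completes after two retransmissions of the same packet, and a pattern that loses the Response instead shows the peer answering the duplicate Request; in neither case does anything above the NAS (the EAP server or the RADIUS/Diameter hop) need a retry of its own, which is the division of labour the RFC 3579 text describes.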
