> If EAP has no message suitable for constructing a GSS error token,
> well, either GSS-EAP could specify one, or you could leave it
> unspecified and c'est la vie. But spell this out :)
Well, we have errors at the GSS EAP layer anyway, so there is a GSS EAP error
token. The draft just needs to be filled in with the minor status codes, which
will be something like this.
error_code GSSEAP_WRONG_SIZE, "Buffer is incorrect size"
error_code GSSEAP_WRONG_MECH, "Mechanism OID is incorrect"
error_code GSSEAP_BAD_TOK_HEADER, "Token header is malformed or corrupt"
error_code GSSEAP_TOK_TRUNC, "Token is missing data"
error_code GSSEAP_BAD_DIRECTION, "Packet was replayed in wrong direction"
error_code GSSEAP_WRONG_TOK_ID, "Received token ID does not match expected token ID"
error_code GSSEAP_CRIT_ITOK_UNAVAILABLE, "Critical inner token type unavailable"
error_code GSSEAP_MISSING_REQUIRED_ITOK, "Missing required inner token"
error_code GSSEAP_DUPLICATE_ITOK, "Duplicate inner token received"
error_code GSSEAP_WRONG_ITOK, "Received invalid inner token for current state"
error_code GSSEAP_KEY_UNAVAILABLE, "EAP key unavailable"
error_code GSSEAP_KEY_TOO_SHORT, "EAP key too short"
error_code GSSEAP_RADIUS_AUTH_FAILURE, "Authentication rejected by RADIUS server"
error_code GSSEAP_UNKNOWN_RADIUS_CODE, "Received unknown response code from RADIUS server"
error_code GSSEAP_MISSING_EAP_REQUEST, "RADIUS response is missing EAP request"
error_code GSSEAP_RADIUS_PROT_FAILURE, "Generic RADIUS failure"
-- Luke
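
Added example, not part of the original message and not the project's own code: a header check for an initial context token in the RFC 2743 section 3.1 framing, returning the token-level minor codes listed above so each malformed field maps to a distinct status. The numeric code values, the mechanism OID (2.999.1, from the example arc), the token ID 0x0601 and the name verify_token_header are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Codes named in the message; numeric values here are placeholders. */
enum { GSSEAP_OK = 0, GSSEAP_WRONG_SIZE, GSSEAP_WRONG_MECH,
       GSSEAP_BAD_TOK_HEADER, GSSEAP_TOK_TRUNC, GSSEAP_WRONG_TOK_ID };

/* Constructed sample values: OID 2.999.1 (example arc) and token ID 0x0601. */
static const uint8_t SAMPLE_MECH[] = { 0x88, 0x37, 0x01 };
static const uint8_t SAMPLE_TOKEN[] =
    { 0x60, 0x07, 0x06, 0x03, 0x88, 0x37, 0x01, 0x06, 0x01 };

/* Read a DER definite length, advancing *p; returns GSSEAP_OK or an error. */
static int der_len(const uint8_t **p, const uint8_t *end, size_t *out)
{
    if (*p >= end) return GSSEAP_TOK_TRUNC;
    size_t n = *(*p)++;
    if (n < 0x80) { *out = n; return GSSEAP_OK; }
    n &= 0x7f;
    if (n == 0 || n > 4) return GSSEAP_BAD_TOK_HEADER; /* indefinite or oversized */
    if ((size_t)(end - *p) < n) return GSSEAP_TOK_TRUNC;
    for (*out = 0; n > 0; n--) *out = (*out << 8) | *(*p)++;
    return GSSEAP_OK;
}

/* Check 0x60 | len | 0x06 | oid-len | oid | token-id and report which field failed. */
int verify_token_header(const uint8_t *tok, size_t tok_len, uint16_t want_id)
{
    const uint8_t *p = tok, *end = tok + tok_len;
    size_t body, oid_len;
    int rc;
    if (tok_len == 0) return GSSEAP_TOK_TRUNC;
    if (*p++ != 0x60) return GSSEAP_BAD_TOK_HEADER;
    if ((rc = der_len(&p, end, &body)) != GSSEAP_OK) return rc;
    if (body > (size_t)(end - p)) return GSSEAP_TOK_TRUNC;  /* fewer bytes than claimed */
    if (body < (size_t)(end - p)) return GSSEAP_WRONG_SIZE; /* trailing bytes */
    if (body < 2) return GSSEAP_TOK_TRUNC;
    if (*p++ != 0x06) return GSSEAP_BAD_TOK_HEADER;
    if ((rc = der_len(&p, end, &oid_len)) != GSSEAP_OK) return rc;
    if (oid_len > (size_t)(end - p)) return GSSEAP_TOK_TRUNC;
    if (oid_len != sizeof(SAMPLE_MECH) || memcmp(p, SAMPLE_MECH, oid_len) != 0)
        return GSSEAP_WRONG_MECH;
    p += oid_len;
    if ((size_t)(end - p) < 2) return GSSEAP_TOK_TRUNC;
    if ((uint16_t)((p[0] << 8) | p[1]) != want_id) return GSSEAP_WRONG_TOK_ID;
    return GSSEAP_OK;
}
int main(void) { return verify_token_header(SAMPLE_TOKEN, sizeof(SAMPLE_TOKEN), 0x0601); }
```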