Hi Sam:

On 18/10/2011, at 17:35, Sam Hartman wrote:

> I think I may have been unclear in what I was proposing. I'm proposing
> that the peer send its identity in the first message (*) and that the
> server gets to respond with type 4 or greater (a specific EAP method).

Sending its identity does not mean that it must be carried in the EAP response/identity. In fact what I suggested is to carry the identity in the first message but not contained in the EAP response/identity.

> I'm proposing dropping the identity request, not the identity response.

As I said in my previous e-mail, you can do that but it does not necessarily mean to transport the identity in an EAP response/identity. According to the text I pasted in my previous e-mail (below), the peer can send its identity in the first message (but not contained in any EAP response/identity). Then the NAS sends that identity to the EAP/AAA server with an EAP-Message attribute (without EAP message) signifying EAP-Start. The RADIUS server then sends "an EAP-Request for an authentication method (Type 4 or greater)". This is what I proposed in my previous e-mail. Is it not similar to what you proposed?

In RFC 3579 you can also find this text:

"Rather than sending an initial EAP-Request packet to the authenticating peer, on detecting the presence of the peer, the NAS MAY send an Access-Request packet to the RADIUS server containing an EAP-Message attribute signifying EAP-Start. The RADIUS server will typically respond with an Access-Challenge containing EAP-Message attribute(s) encapsulating an EAP-Request/Identity (Type 1). However, an EAP-Request for an authentication method (Type 4 or greater) can also be sent by the server."

>
> (*) There's a case where we ask the acceptor what its name is. In that
> case I think it is desirable to let the peer wait to receive the
> acceptor name before sending an identity.
>
> In all these cases we support identity hiding.

-------------------------------------------------------
Rafael Marin Lopez, PhD
Dept. Information and Communications Engineering (DIIC)
Faculty of Computer Science-University of Murcia
30100 Murcia - Spain
Telf: +34868888501 Fax: +34868884151 e-mail: [email protected]
-------------------------------------------------------
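
An added example, not part of the original e-mail or of any ABFAB code: the RFC 3579 EAP-Start exchange discussed above, with the NAS side encoding an empty EAP-Message attribute and the server's first EAP-Request classified as Identity (Type 1) or a method (Type 4 or greater). Carrying the peer identity in a User-Name attribute, the helper names and the sample values are assumptions of this example.

```python
import struct

EAP_MESSAGE = 79          # RADIUS EAP-Message attribute type (RFC 3579)
USER_NAME = 1             # RADIUS User-Name attribute type (RFC 2865)
EAP_REQUEST = 1           # EAP Code: Request
EAP_TYPE_IDENTITY = 1     # EAP Type: Identity

def attr(attr_type, value=b""):
    """Encode one RADIUS attribute: type, length (header included), value."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return bytes([attr_type, len(value) + 2]) + value

def parse_attrs(blob):
    """Split an attribute list into (type, value) pairs, rejecting bad lengths."""
    out, i = [], 0
    while i < len(blob):
        if i + 2 > len(blob) or blob[i + 1] < 2 or i + blob[i + 1] > len(blob):
            raise ValueError("malformed attribute at offset %d" % i)
        out.append((blob[i], blob[i + 2:i + blob[i + 1]]))
        i += blob[i + 1]
    return out

def is_eap_start(attrs):
    """EAP-Start: an EAP-Message attribute is present but carries no EAP packet."""
    eap = [v for t, v in attrs if t == EAP_MESSAGE]
    return len(eap) > 0 and all(v == b"" for v in eap)

def classify_first_request(attrs):
    """Reassemble the EAP packet from the EAP-Message attribute(s) and classify it."""
    pkt = b"".join(v for t, v in attrs if t == EAP_MESSAGE)
    if len(pkt) < 5:
        raise ValueError("no EAP request with a Type field")
    code, _ident, length, eap_type = struct.unpack("!BBHB", pkt[:5])
    if code != EAP_REQUEST or length != len(pkt):
        raise ValueError("not a well-formed EAP-Request")
    if eap_type == EAP_TYPE_IDENTITY:
        return "identity-request"
    if eap_type >= 4:
        return "method-request"
    return "other"  # Types 2 and 3 are not expected as a first request

def eap_request(ident, eap_type, data=b""):
    """Build an EAP-Request: Code, Identifier, Length, Type, Type-Data."""
    return struct.pack("!BBHB", EAP_REQUEST, ident, 5 + len(data), eap_type) + data

# Constructed sample data (not captured traffic).
ACCESS_REQUEST_ATTRS = attr(USER_NAME, b"anonymous@example.org") + attr(EAP_MESSAGE)
CHALLENGE_IDENTITY = attr(EAP_MESSAGE, eap_request(1, 1))
CHALLENGE_METHOD = attr(EAP_MESSAGE, eap_request(1, 13, b"\x20"))  # 13 = EAP-TLS, Start flag
```
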
