> In EAP, the authenticator is responsible for retransmission. By default
> EAP assumes that the lower layer (the application in this context) is
> unreliable. The authenticator can send a packet whenever its
> retransmission timer triggers. In this mode, applications need to
> process EAP messages at any time during the authentication conversation.
>
> Alternatively, EAP permits a lower layer to set the retransmission timer
> to infinite. In this case, the lower layer is responsible for
> reliable delivery of EAP messages. Applications that use a lock-step or
> client-driven authentication protocol might benefit from this approach.
>
> In addition to retransmission behavior, applications need to deal with
> discarded EAP messages. Whenever some EAP methods receive erroneous

Discarding may be done at the EAP layer or the EAP method layer. I think we need to cover both.

> input, these methods discard the input rather than generating an error
> response. If the erroneous input was generated by an attacker,
> legitimate input can sometimes be received after the erroneous
> input. Applications MUST handle an EAP method discarding a message,
> although the specific way in which discarded messages will be handled
> depends on the characteristics of the application.

Now, saying "MUST handle" and then leaving the way it's handled out of scope does not make sense.

> Options include
> failing the authentication at the application level

This is problematic. If the EAP method has discarded the message, now you need this to be conveyed down the stack to the EAP lower layer. This does not happen today. And enforcing that requires changing existing EAP methods, creating an additional requirement on future methods.

> and waiting for
> additional EAP input, possibly after an EAP retransmit.
>

Who is retransmitting here? The EAP peer? If so, we need to clarify that. And also describe how the EAP peer decides to retransmit, and what it really retransmits (the previous EAP response?). Is this text meant to cover how the EAP conversation can be made reliable with client-driven retransmissions? I see the implications of it, but not a clear and complete description of it.

Alper

> Specifications of how EAP is used for application authentication SHOULD
> document how retransmission and message discards are handled.
>
> _______________________________________________
> abfab mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/abfab
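As an added illustration of the two cases the quoted draft text describes (authenticator-driven retransmission over an unreliable lower layer, and an infinite retransmission timer where the lower layer owns delivery), here is a constructed toy model written for this page. It is not code from the draft, the abfab list, or any EAP implementation; the class and function names, the `challenge:`/`answer:` payloads and the corrupted packet are all assumptions made up for the example. It follows the RFC 3748 rules that a retransmitted Request keeps its Identifier and that a Response whose Identifier does not match the outstanding Request is discarded.

```python
# Added example, not from the abfab thread or any EAP implementation: a toy
# model of RFC 3748-style retransmission and discard handling. All names and
# payloads are constructed for illustration.
from dataclasses import dataclass
from typing import Optional

CODE_REQUEST, CODE_RESPONSE = 1, 2


@dataclass(frozen=True)
class EapPacket:
    code: int
    identifier: int
    data: bytes


class Peer:
    """EAP peer. Its toy method silently discards malformed input instead of
    answering with an error, which is the behaviour the draft describes."""

    def __init__(self) -> None:
        self.discarded = 0

    def handle(self, pkt: EapPacket) -> Optional[EapPacket]:
        if pkt.code != CODE_REQUEST:
            self.discarded += 1          # EAP-layer discard: not a Request
            return None
        if not pkt.data.startswith(b"challenge:"):
            self.discarded += 1          # method-layer discard: bad payload
            return None
        answer = pkt.data[len(b"challenge:"):]
        return EapPacket(CODE_RESPONSE, pkt.identifier, b"answer:" + answer)


class Authenticator:
    """EAP authenticator that owns the retransmission timer."""

    def __init__(self, max_retransmits: int = 3) -> None:
        self.outstanding: Optional[EapPacket] = None
        self.retransmits = 0
        self.max_retransmits = max_retransmits
        self.discarded = 0
        self.result: Optional[str] = None

    def send_request(self, identifier: int, data: bytes) -> EapPacket:
        self.outstanding = EapPacket(CODE_REQUEST, identifier, data)
        return self.outstanding

    def on_timer(self) -> Optional[EapPacket]:
        """Retransmission timer fired: resend the same Request, same Identifier."""
        if self.outstanding is None:
            return None
        if self.retransmits >= self.max_retransmits:
            self.result = "failure"      # give up after too many tries
            return None
        self.retransmits += 1
        return self.outstanding

    def handle(self, pkt: EapPacket) -> None:
        # Responses that do not match the outstanding Request are discarded.
        if (self.outstanding is None or pkt.code != CODE_RESPONSE
                or pkt.identifier != self.outstanding.identifier):
            self.discarded += 1
            return
        self.result = "success" if pkt.data == b"answer:42" else "failure"
        self.outstanding = None


def run_authenticator_timer() -> dict:
    """Unreliable lower layer: a corrupted copy of the Request (constructed)
    reaches the peer first, the peer's method discards it, and the
    authenticator's timer later redelivers the legitimate Request."""
    auth, peer = Authenticator(), Peer()
    req = auth.send_request(identifier=7, data=b"challenge:42")
    corrupted = EapPacket(req.code, req.identifier, b"\xff\xff")  # constructed
    peer.handle(corrupted)                        # discarded, no error reply
    resp = peer.handle(auth.on_timer())           # timer fires, Request resent
    auth.handle(resp)
    return {"result": auth.result, "retransmits": auth.retransmits,
            "peer_discarded": peer.discarded}


def run_infinite_timer(fail_on_discard: bool) -> dict:
    """Retransmission timer set to infinite: EAP itself never resends, so after
    a discard the application must choose between failing and waiting."""
    auth, peer = Authenticator(), Peer()
    req = auth.send_request(identifier=7, data=b"challenge:42")
    corrupted = EapPacket(req.code, req.identifier, b"\xff\xff")  # constructed
    if peer.handle(corrupted) is None and fail_on_discard:
        auth.result = "failure"        # application-level policy, not EAP
    return {"result": auth.result, "retransmits": auth.retransmits,
            "peer_discarded": peer.discarded}
```

In the first scenario the conversation recovers on its own because the authenticator's timer resends the Request and the peer answers the retransmitted copy. In the second, nothing in EAP resends, so the outcome is whatever the application decides: `fail_on_discard=True` fails immediately, `False` leaves the conversation stalled (`result` stays `None`) waiting for further input. Note that the toy `Peer.handle` returns `None` to signal a discard; that is precisely the signal from the method layer to the lower layer that the reply above points out real EAP methods do not provide today.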
