Alejandro Perez Mendez wrote: > I think I didn't explained myself correctly. I'm not suggesting > modifying existing authentication methods. EAP-Success will still appear > only in Access-Accept packets. Just imagine the situation where the > Server wants to include an attribute X in one of the Access-Challenge > packets, and that by introducing that attribute X, the packet becomes > too big. That's the case I'm thinking of. Maybe that's an impossible > situation, I don't know.
Authorization data from the server needs to wait until after authentication is complete. I'm not sure of any use-case for sending large amounts of non-authentication traffic from the server to the client. I would suggest that such a use-case is highly insecure. Alan DeKok. _______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
