I don't see anything in RFC 3748 saying a peer CANNOT send an EAP-Failure,
but perhaps it would be better for GPSK to respond with another
GPSK-Failure message, and then have the sever send the EAP-Failure.
RFC 3748 Section 4.1 says:
The peer MUST send a Response packet in reply to a valid Request packet.
So an EAP peer cannot send an EAP-Failure in response to a Request. If it
were to do so, the authenticator would just retransmit the Request, since
Section 4.1 says:
The Request packet (Code field set to 1) is sent by the
authenticator to the peer. Each Request has a Type field which
serves to indicate what is being requested. Additional Request
packets MUST be sent until a valid Response packet is received, an
optional retry counter expires, or a lower layer failure
indication is received.
_______________________________________________
Emu mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/emu
