> Referring to Sec. 3.5 of http://tools.ietf.org/html/draft-ietf-emu-eaptunnel-req-03, there should be an indication to the application that is using EAP > that such "strange" authentication took place. For example, the VoIP server may than make sure that only calls to 911 or 112 are allowed. Otherwise > there is no way to authorize the user without some backchannel into the AAA. > > So I propose to add:
> "The tunnel method, if it supports emergency services, MUST provide an indication at the EAP or EAP-method level that such authentication took place; > > the indication MUST be unencrypted but integrity protected". I don't understand what this text is for? Who is this indication for? An application should not be sniffing EAP packets to see what happens. It seems that this is the responsibility of a local API between the EAP server and the application. Joe _______________________________________________ Emu mailing list [email protected] https://www.ietf.org/mailman/listinfo/emu
