Sam Hartman wrote: > I'd like to confirm that code is in use both by implementations of > eap-fast v1 and v2.
As a backup question: Are there *any* implementations of v2? The draft does not make it clear if this is the case. Can the authors step in and give their opinion? > Does the current text mandate support for eap-fast v1 as well as v2? Yes and no. Section 3.1 says: The version negotiation procedure guarantees that the EAP-FAST peer and server will agree to the latest version supported by both parties. If version negotiation fails, then use of EAP-FAST will not be possible, and another mutually acceptable EAP method will need to be negotiated if authentication is to proceed. This makes it *possible* for an implementation to support v2 only. This will require starting version negotiation for EAP-FASTv2, and then switching to a different EAP method. Implementations traditionally have found it difficult to start one EAP method, and then to switch to another one. This means that v2-only implementations may be difficult to deploy in practice. > Is it expected that most implementations will support v1 and v2? > > Is it desired that people be able to create a v2 only implementation? I will partially avoid those two questions, and say that it should be possible to deploy only the EMU tunneled method. Alan DeKok. _______________________________________________ Emu mailing list [email protected] https://www.ietf.org/mailman/listinfo/emu
