On 5/16/2011 8:02 PM, Alan DeKok wrote:
> Sam Hartman wrote:
>> I'd like to confirm that code is in use both by implementations of
>> eap-fast v1 and v2.
>
> As a backup question: Are there *any* implementations of v2?
>
> The draft does not make it clear if this is the case. Can the authors
> step in and give their opinion?

I believe that it was stated in Prague that there were no implementations (let alone deployments) at that time, but that Cisco would commit to putting development on their road map.

>
>> Does the current text mandate support for eap-fast v1 as well as v2?
>
> Yes and no. Section 3.1 says:
>
>    The version negotiation procedure guarantees that the EAP-FAST peer
>    and server will agree to the latest version supported by both
>    parties. If version negotiation fails, then use of EAP-FAST will not
>    be possible, and another mutually acceptable EAP method will need to
>    be negotiated if authentication is to proceed.
>
> This makes it *possible* for an implementation to support v2 only.
> This will require starting version negotiation for EAP-FASTv2, and then
> switching to a different EAP method.
>
> Implementations traditionally have found it difficult to start one EAP
> method, and then to switch to another one. This means that v2-only
> implementations may be difficult to deploy in practice.
>
>> Is it expected that most implementations will support v1 and v2?
>>
>> Is it desired that people be able to create a v2 only implementation?
>
> I will partially avoid those two questions, and say that it should be
> possible to deploy only the EMU tunneled method.

This seems to me to be a strong argument for a new type code.

...
