http://trac.tools.ietf.org/wg/emu/trac/ticket/36

Old Text:
"In the case of multiple peer authentications, the Peer-ID is determined
from the first peer authentication."

New Text:
"In the case of multiple peer authentications, all authenticated peer
identities need to be exported."

Rationale:
It is desirable to export all peer identities that have been authenticated
by the tunnel method. And there is no limit to the number of peer identities
being exported, provided the interface is available.

RFC 5247, EAP Keying Framework says:

"It is possible for more than one Peer-Id to be exported by an EAP
   method.  For example, a peer certificate can contain more than one
   peer identity; in a tunnel method, peer identities can be
   authenticated within both an outer and inner exchange, and these
   identities could be different in type and contents.  For example, an
   outer exchange could provide a Peer-Id in the form of a Relative
   Distinguished Name (RDN), whereas an inner exchange could identify
   the peer via its NAI or MAC address.  Where EAP keying material is
   determined solely from the outer exchange, only the outer Peer-Id(s)
   are exported; where the EAP keying material is determined from both
   the inner and outer exchanges, then both the inner and outer
   Peer-Id(s) are exported by the tunnel method."

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu