Jim: Please see comments below.
On 10/1/12 1:10 PM, "Jim Schaad" <[email protected]> wrote:

>I found two that I forgot to include in the last message
>
>1. When exporting the user-id, does there need to be a way to distinguish
>at export time between the different types of ids that are authenticated by
>the server? This does not seem to be an issue on the peer as it will only
>do mutual authentication to servers and thus only have server ids, however a
>server may authenticate to different types of identities on the peer. At
>the moment we have identified user and machines as types of entities to be
>identified, I suppose in the future we could add Ewoks as a different type
>of entity that could be identified. However the export function of user-ids
>does not make a distinction between the different types of authenticated
>entities. Should it do so or should it just export user authentications?

[HZ] It helps to export the identities as well as the corresponding identity types (from the Identity Type TLV). Will add text.

>
>2. Is there a map of TLVs that should not be sent together or need to be
>processed in a specific order? The case I was looking at was for the
>Identity TLV and the EAP TLV. Is there a difference in how a peer should
>react for the following?
>
> Identity TLV (Send me a machine Identity), EAP TLV (Start the EAP type XX)
> EAP TLV (Start EAP type XXX), Identity TLV (Send me a machine Identity)
>
>Or should these two TLVs never occur in a single message?

[HZ] We had some discussion in the WG and took the design principle that TLV ordering should not matter. We disallow simultaneous EAP inner methods and/or with Basic Password Authentication, so the order of the rest of the TLVs should not matter. If it does matter, it should be a nested TLV, as in Result TLV and Request-Action TLV. Need to add text to disallow Inner EAP method with parallel Basic Password Authentication TLV.
>
>Jim
>
>
>_______________________________________________
>Emu mailing list
>[email protected]
>https://www.ietf.org/mailman/listinfo/emu
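As an added illustration (not part of the message or of the draft under discussion), the sketch below shows a receiver that treats TLV order as irrelevant, rejects a message carrying parallel inner authentication, and reports the identity type alongside the request. The TLV type numbers and Identity-Type values are the ones later assigned in RFC 7170 and are an assumption here; the function names and the sample bytes are hypothetical.

```python
import struct

# TLV type numbers and Identity-Type values as assigned in RFC 7170
# (assumption: the thread itself gives no numbers).
IDENTITY_TYPE, EAP_PAYLOAD, BASIC_PASSWORD_AUTH_REQ = 2, 9, 13
IDENTITY_KINDS = {1: "user", 2: "machine"}
INNER_AUTH = {EAP_PAYLOAD: "eap", BASIC_PASSWORD_AUTH_REQ: "basic-password"}


def tlv(tlv_type, value, mandatory=True):
    """Encode one TLV: M bit, R bit, 14-bit type, 16-bit length, value."""
    head = (0x8000 if mandatory else 0) | (tlv_type & 0x3FFF)
    return struct.pack("!HH", head, len(value)) + value


def parse_tlvs(buf):
    """Split a tunnelled payload into (type, value) pairs, checking lengths."""
    out, off = [], 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise ValueError("truncated TLV header")
        head, length = struct.unpack_from("!HH", buf, off)
        off += 4
        if length > len(buf) - off:
            raise ValueError("TLV length runs past end of message")
        out.append((head & 0x3FFF, buf[off:off + length]))
        off += length
    return out


def classify_request(buf):
    """Order-independent view of a request: identity kind and inner auth."""
    seen = {}
    for tlv_type, value in parse_tlvs(buf):
        seen.setdefault(tlv_type, []).append(value)
    # One entry per inner-auth TLV present; more than one means parallel auth.
    auth = [t for t in INNER_AUTH for _ in seen.get(t, [])]
    if len(auth) > 1:
        raise ValueError("parallel inner authentication in one message")
    # Assumption of this sketch: a repeated Identity-Type TLV is an error.
    ids = seen.get(IDENTITY_TYPE, [])
    if len(ids) > 1 or any(len(v) != 2 for v in ids):
        raise ValueError("malformed or repeated Identity-Type TLV")
    kind = None
    if ids:
        kind = IDENTITY_KINDS.get(struct.unpack("!H", ids[0])[0], "unknown")
    return {"identity": kind, "auth": INNER_AUTH[auth[0]] if auth else None}


# Constructed sample: an EAP-Request/Identity packet as the inner EAP payload.
EAP_REQ = bytes([1, 1, 0, 5, 1])
MACHINE = tlv(IDENTITY_TYPE, struct.pack("!H", 2))
```

Both orderings from the question produce the same result because the TLVs are collected by type before any decision is made.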
