On Tue, Feb 24, 2009 at 10:36 AM, Alan DeKok <[email protected]> wrote:
> Defining "progress" per EAP type may be difficult.

Indeed and that is why the hardcoded limit of round trips ended up being there in the first place.. ;-) Anyway, the most common issue case I've seen is where EAP server and peer end up sending TLS ACK messages in a loop and that would be easy to catch. Anyway, if this were to change at some point, I would assume there ends up being the default round trip limit and then some EAP type specific improvements to optimize that for the methods that need support for longer exchanges.

> Yes, I recall those discussions related to TNC and NEA a while ago.
> From what I see in the standards now, there is no reason for *bulk*
> transfer of data over EAP. The TNC standards require pretty small data
> transfers.

Sure, no bulk data should be supported, but even TNC requires IF-TNCCS messages of up to 100 kilobytes in length which goes beyond the 50*1400 bytes or so (depending on max frame length) limit that is currently hardcoded in wpa_supplicant.

> And even if wpa_supplicant is changed, it will be difficult to change
> the millions of AP's out there.

Well, I would hope that most APs don't have such limits on the EAP/EAPOL; this is supposed to be transparent data they are just proxying through.. Anyway, yes, if they do have a hard limit, there is not much that can be done to make this work with such a NAS.

- Jouni

