> -----Original Message-----
> From: lwip-users
> On Behalf Of Sylvain Rochet
> Sent: Thursday, 11 August 2016 18:34
>
> On Wed, Aug 10, 2016 at 07:49:03PM -0400, Patrick Klos wrote:
> >
> > but if I remember correctly, the sequence of PPP negotiations is LCP
> > (which negotiates if/which authentication protocol will be used),
> > followed by authentication (if any), followed by other negotiations
> > (IPCP, CCP, etc). If that's correct, then you won't have to enable
> > CCP (and/or MPPE) until after your LCP state machine reaches the
> > Opened state, so you'd know by then if MSCHAPv2 was negotiated or not?
> >
> > I can't say what the implications would be with the LwIP PPP as I
> > haven't used it.
>
> The problem here is that MSCHAPv2 has to prepare keys for MPPE since
> MPPE keys are derived from MSCHAPv2 challenge hashes, therefore MPPE
> must currently be enabled before MSCHAPv2 authentication starts.
>
> We could argue whether we should always prepare keys even if MPPE is not
> enabled, which would add useless CPU cycles for users which built MPPE
> support but are actually not using it, but anyway, user is not supposed
> to change PPP options once the session is started :-)

I don't think it makes sense to generate the MPPE keys _always_. I hate
wasting CPU cycles as much as anybody. I think my use case is somewhat
special and I wouldn't want to burden everyone else with it. I'll figure
out something else.

> > > Or is even that poor practice to change LCP options in the middle of the
> > > negotiation?
> >
> > CCP (where MPPE would be negotiated) is completely independent of LCP.
> > None of your LCP options would have to change once you've gotten to
> > the LCP Opened state. Once LCP finishes, you'll know if you've
> > negotiated MSCHAPv2 and if you even need to enable CCP (and MPPE)
> > negotiations.
>
> I can confirm that, LCP options are probably not going to change once
> authentication is started. I'm quite sure the protocol does not disallow
> renegotiating some options later, but obviously no one does that, I
> can't see any use case for wanting to do that either.

Agreed. Reading some documentation, I think LCP renegotiation is not
disallowed -- but agree that it probably never happens in practice.

> Anyway, I think Greg is just thinking that MPPE is an LCP option, while
> obviously it is not, that's all :)

Yes, I did mean CCP, not LCP. Sorry for that gaffe and thanks to you both
for the correction. (Too many acronyms for this noob!)

-- G
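
Added example, not part of the original thread and not lwIP code: a sketch of the ordering constraint discussed above, using the MS-CHAPv2 to MPPE start-key derivation from RFC 3079. The `PppSession` class and the sample hash values are hypothetical and constructed for illustration.

```python
import hashlib

# Constants from RFC 3079 (MS-CHAPv2 -> MPPE key derivation).
MAGIC1 = b"This is the MPPE Master Key"
MAGIC2 = b"On the client side, this is the send key; on the server side, it is the receive key."
MAGIC3 = b"On the client side, this is the receive key; on the server side, it is the send key."
SHS_PAD1 = b"\x00" * 40
SHS_PAD2 = b"\xf2" * 40

def master_key(password_hash_hash: bytes, nt_response: bytes) -> bytes:
    """GetMasterKey: both inputs only exist during MS-CHAPv2 authentication."""
    return hashlib.sha1(password_hash_hash + nt_response + MAGIC1).digest()[:16]

def start_key(mk: bytes, is_send: bool, is_server: bool, key_len: int = 16) -> bytes:
    """GetAsymmetricStartKey: send/receive keys are mirrored between the peers."""
    magic = MAGIC3 if is_send == is_server else MAGIC2
    return hashlib.sha1(mk + SHS_PAD1 + magic + SHS_PAD2).digest()[:key_len]

class PppSession:
    """Hypothetical model of the phase ordering, not lwIP's API."""
    def __init__(self, mppe_enabled: bool, is_server: bool = False):
        self.mppe_enabled = mppe_enabled
        self.is_server = is_server
        self.send_key = self.recv_key = None

    def mschapv2_success(self, password_hash_hash: bytes, nt_response: bytes):
        # Authentication phase: keys are prepared only if MPPE is already enabled.
        if not self.mppe_enabled:
            return
        mk = master_key(password_hash_hash, nt_response)
        self.send_key = start_key(mk, True, self.is_server)
        self.recv_key = start_key(mk, False, self.is_server)

    def ccp_can_offer_mppe(self) -> bool:
        # Network phase: CCP can only negotiate MPPE if the keys exist.
        return self.mppe_enabled and self.send_key is not None

# Constructed sample values (not from a real exchange).
PHH = bytes(range(16))   # stands in for the 16-byte hash of the NT password hash
NTR = bytes(range(24))   # stands in for the 24-byte NT-Response

def demo():
    early = PppSession(mppe_enabled=True)
    early.mschapv2_success(PHH, NTR)
    late = PppSession(mppe_enabled=False)
    late.mschapv2_success(PHH, NTR)
    late.mppe_enabled = True   # enabled after authentication: no keys were prepared
    return early.ccp_can_offer_mppe(), late.ccp_can_offer_mppe()
```
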
