Re: [Emu] Implementing EAP-NOOB in Contiki - Use of the Realm assigned by the server?
Hi Tuomas, When I had implemented version 03 of the EAP-NOOB draft, I had understood that the new peer device should first be connected to the home network and establish an EAP-NOOB association with its home AAA server before it is able to roam? Except the case where the peer device provides some method for the user to manually configure the Realm of the home network. Thanks, Shiva -Original Message- From: Emu On Behalf Of Aura Tuomas Sent: Wednesday, July 03, 2019 4:24 PM To: Eduardo Inglés UM ; emu@ietf.org Subject: Re: [Emu] Implementing EAP-NOOB in Contiki - Use of the Realm assigned by the server? Yes, the new Realm assigned in the Initial Exchange should be used already during the Waiting Exchange and Completion Exchange. As part of the editorial improvements in draft-06, I edited the specification to be clearer on this point. The reason is better compatibility with roaming implementations, which are not part of the EAP-NOOB protocol but may want to work with it. If the Initial Exchange takes place while roaming, some external mechanism is needed to route the Initial Exchange, where the peer uses the default Realm, from the foreign AAA to the peer's intended home AAA. Since the realm is assigned in the Initial Exchange and taken into use immediately, the AAA routing will work normally for the subsequent Waiting and Completion Exchanges, and the same external mechanism is not needed there. That is, it is easier for foreign network to support Initial Exchange for roaming peer devices. The use case for such roaming support in eduroam was brought forward by Josh Howlett and Rhys Smith. Tuomas -Original Message- From: Emu On Behalf Of Eduardo Inglés UM Sent: Thursday, June 20, 2019 1:20 PM To: emu@ietf.org Subject: [Emu] Implementing EAP-NOOB in Contiki - Use of the Realm assigned by the server? Importance: High Hello all, During the IETF 104 Prague I told you that I am implementing EAP-NOOB in Contiki. During the process I have had few issues that I will send in separate emails for clarifications in the coming weeks. I like the way EAP-NOOB allows the server to send a realm that a peer can use later on during its lifetime. I find it useful when peers are roaming in different networks, for example, in the use case that I sent in a previous email. However, reading the specification it is not clear to me when a device should start using the Realm assigned by the server. Should I use it already during Waiting Exchange? Or only after the device has been successfully authenticated in the Completion Exchange? Regards, Eduardo Inglés. ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
Re: [Emu] Implementing EAP-NOOB in Contiki - Use of the Realm assigned by the server?
Yes, the new Realm assigned in the Initial Exchange should be used already during the Waiting Exchange and Completion Exchange. As part of the editorial improvements in draft-06, I edited the specification to be clearer on this point. The reason is better compatibility with roaming implementations, which are not part of the EAP-NOOB protocol but may want to work with it. If the Initial Exchange takes place while roaming, some external mechanism is needed to route the Initial Exchange, where the peer uses the default Realm, from the foreign AAA to the peer's intended home AAA. Since the realm is assigned in the Initial Exchange and taken into use immediately, the AAA routing will work normally for the subsequent Waiting and Completion Exchanges, and the same external mechanism is not needed there. That is, it is easier for foreign network to support Initial Exchange for roaming peer devices. The use case for such roaming support in eduroam was brought forward by Josh Howlett and Rhys Smith. Tuomas -Original Message- From: Emu On Behalf Of Eduardo Inglés UM Sent: Thursday, June 20, 2019 1:20 PM To: emu@ietf.org Subject: [Emu] Implementing EAP-NOOB in Contiki - Use of the Realm assigned by the server? Importance: High Hello all, During the IETF 104 Prague I told you that I am implementing EAP-NOOB in Contiki. During the process I have had few issues that I will send in separate emails for clarifications in the coming weeks. I like the way EAP-NOOB allows the server to send a realm that a peer can use later on during its lifetime. I find it useful when peers are roaming in different networks, for example, in the use case that I sent in a previous email. However, reading the specification it is not clear to me when a device should start using the Realm assigned by the server. Should I use it already during Waiting Exchange? Or only after the device has been successfully authenticated in the Completion Exchange? Regards, Eduardo Inglés. ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
[Emu] Implementing EAP-NOOB in Contiki - Use of the Realm assigned by the server?
Hello all, During the IETF 104 Prague I told you that I am implementing EAP-NOOB in Contiki. During the process I have had few issues that I will send in separate emails for clarifications in the coming weeks. I like the way EAP-NOOB allows the server to send a realm that a peer can use later on during its lifetime. I find it useful when peers are roaming in different networks, for example, in the use case that I sent in a previous email. However, reading the specification it is not clear to me when a device should start using the Realm assigned by the server. Should I use it already during Waiting Exchange? Or only after the device has been successfully authenticated in the Completion Exchange? Regards, Eduardo Inglés. ___ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
