
RFC 2869bis Issues

RFC 2869bis Issues. Bernard Aboba IETF 57 Vienna, Austria Monday, July 14, 2003 15:30 - 17:30. RFC 2869bis Status. Issues list at: http://www.drizzle.com/~aboba/EAP/eapissues.html RFC 2869bis is a dependency of IEEE 802.1aa Approved for Publication as an RFC Two issues raised


Presentation Transcript


  1. RFC 2869bis Issues
     Bernard Aboba
     IETF 57, Vienna, Austria
     Monday, July 14, 2003, 15:30 - 17:30

  2. RFC 2869bis Status
     • Issues list at:
       • http://www.drizzle.com/~aboba/EAP/eapissues.html
     • RFC 2869bis is a dependency of IEEE 802.1aa
     • Approved for Publication as an RFC
     • Two issues raised
       • Order of attribute processing
       • User-Name processing
     • Process
       • Issue #157 posted to EAP WG and IEEE 802.1 mailing lists
       • No discussion so far
       • Presentation at EAP WG in Vienna, IEEE 802 Plenary in SFO
       • If approved, changes made in Author 48 hours

  3. Processing Order: Issue #157
     • Question: When an Access-Accept contains both an EAP-Message attribute and other attributes (e.g. Key attributes), which is processed first?
     • IEEE 802.1X-2001 says EAP message is sent first, then EAPOL-Key message
     • IEEE 802.11i agrees with IEEE 802.1X-2001
     • IEEE 802.1aa has flip-flopped, but D6.1 now says EAP message is sent first
     • RFC 2869bis clarifications were added to conform to an earlier IEEE 802.1aa version
       • Now out of sync with IEEE 802 docs

  4. Proposed Fix
     • In Section 2.6.4, change:
       “the NAS SHOULD process other attributes first, then decapsulate EAP-Message attribute(s), reconstitute the EAP packet and send it to the peer.”
       To:
       “the NAS SHOULD first decapsulate EAP-Message attribute(s), reconstitute the EAP packet and send it to the peer, then process other attributes.”
     • In Appendix B, change:
       “EAP-Message attributes are processed last (Section 2.6.4).”
       To:
       “EAP-Message attributes are processed first (Section 2.6.4).”

  5. Issue: User-Name Processing
     • EAP methods may support Identity Privacy
       • EAP-Response/Identity may not include the complete name
       • Example: @example.com (realm routing only)
       • Method-specific Identity provided
     • Question: How does the NAS know what User-Name attribute to put into Accounting messages?
     • Answer: If AAA server wishes a particular User-Name to be used, it is sent in the Access-Accept

  6. Proposed Fix
     • In Section 3, add:
       “The User-Name attribute within the Access-Accept packet need not be the same as the User-Name attribute in the Access-Request.”
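
An added example, not part of the original slides: a Python sketch of how a NAS could apply both proposed fixes to an Access-Accept, sending the reconstituted EAP packet before processing other attributes and taking the accounting User-Name from the Access-Accept when one is present. The attribute type numbers are the standard RADIUS ones; the function names, the sample packet and the fallback to the Access-Request User-Name are assumptions, and Response Authenticator and Message-Authenticator validation is omitted.

```python
import struct

ACCESS_ACCEPT, USER_NAME, SESSION_TIMEOUT, EAP_MESSAGE = 2, 1, 27, 79

def attr(attr_type, value):
    """Encode one RADIUS attribute (Type, Length, Value)."""
    return bytes([attr_type, len(value) + 2]) + value

def build_packet(code, ident, attrs):
    """Build a RADIUS packet with a zeroed (constructed) authenticator."""
    body = b"".join(attrs)
    return struct.pack("!BBH16s", code, ident, 20 + len(body), bytes(16)) + body

def parse_attributes(packet):
    """Return (code, [(type, value), ...]), rejecting malformed lengths."""
    if len(packet) < 20:
        raise ValueError("short RADIUS packet")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        alen = packet[pos + 1]
        attrs.append((packet[pos], packet[pos + 2:pos + alen]))
        pos += alen
    return code, attrs

def handle_access_accept(packet, request_user_name):
    """Return (ordered NAS actions, User-Name to use in accounting)."""
    code, attrs = parse_attributes(packet)
    if code != ACCESS_ACCEPT:
        raise ValueError("not an Access-Accept")
    actions = []
    # Proposed Section 2.6.4 order: reconstitute and send the EAP packet first.
    eap = b"".join(v for t, v in attrs if t == EAP_MESSAGE)
    if eap:
        if len(eap) < 4 or struct.unpack("!H", eap[2:4])[0] != len(eap):
            raise ValueError("EAP length mismatch")
        actions.append(("send_eap_to_peer", eap))
    # ...then process the remaining attributes in packet order.
    actions += [("process_attribute", t, v) for t, v in attrs if t != EAP_MESSAGE]
    # Assumption: fall back to the request's User-Name when the accept has none.
    names = [v for t, v in attrs if t == USER_NAME]
    return actions, (names[0] if names else request_user_name)

# Constructed sample: EAP-Success (code 3, id 5) split across two EAP-Message attributes.
SAMPLE_ACCEPT = build_packet(ACCESS_ACCEPT, 7, [
    attr(SESSION_TIMEOUT, struct.pack("!I", 3600)),
    attr(EAP_MESSAGE, b"\x03\x05"),
    attr(USER_NAME, b"alice@example.com"),
    attr(EAP_MESSAGE, b"\x00\x04"),
])
```

With the sample packet, the EAP packet is the first action even though Session-Timeout precedes it on the wire, and the accounting name is the one from the Access-Accept rather than the privacy-preserving `@example.com` sent in the request.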
