eap Mailing List: Re: [Issue 203] Comments on EAP-Peer state machine

[Yoshihiro Ohba (yohba]

On Tue, Dec 16, 2003 at 11:33:13AM +0200, Pasi.Eronen [at] nokia.com wrote:
> > "Identifier
> > 
> > The Identifier field is one octet and aids in matching replies to
> > Responses.  The Identifier field MUST match the Identifier field
> > of the Response packet that it is sent in response to."
> 
> Hmm, you're right... (I had thought that each EAP packet
> sent by the authenticator gets a new identifier value).
> This requires some changes to the authenticator state 
> machine as well.
> 
> (BTW, do you have any idea whether current implementations 
> actually do this? At least the EAP-SIM test vectors in 
> draft -12 have a new identifier value for EAP Success :-)

EAP implementation in Open Diameter actually does this, because it is
what the specification says.  On the other hand, its peer
implementation does not check whether the Identifier field in the
received Success message matches the one contained in the latest
Response message, because the specification does not exactly specify
what to do when the mismatch is found.

Yoshihiro Ohba


> 
> Best regards,
> Pasi
> _______________________________________________
> eap mailing list
> eap [at] frascone.com
> http://mail.frascone.com/mailman/listinfo/eap