| RE: Re: Issue 251 | <– Date –> <– Thread –> |
From: Nick Petroni (npetroni cs.umd.edu)
|
|
| Date: Tue, 27 Jul 2004 14:24:00 -0400 (EDT) | |
Paul, Thanks for jumping in. The way I understand these messages is, I think, as you have described. Basically, if 802.1X is off, but the Peer comes in and sends an EAPoL Start, then the authenticator will immediately respond with an EAP Success or an EAP Fail without doing a run of the Identity method or an actual authentication method. Is this correct? If so, I *think* this would violate RFC3748 per Bernard's and Jari's comments. Any thoughts, corrections, or clarifications to my assessment? Thanks, nick Nick L. Petroni, Jr. Graduate Student, Computer Science Maryland Information Systems Security Lab University of Maryland http://www.cs.umd.edu/~npetroni On Tue, 27 Jul 2004, Congdon, Paul T (ProCurve) wrote: > > The 'canned' messages are only send when the 802.1X port is > administratively forced authorized or unauthorized. This is basically > when management turns off 802.1X and forces the port open or closed. > These message are also discussed in the text. > > Paul > > > -----Original Message----- > > From: eap-admin [at] frascone.com [mailto:eap-admin [at] frascone.com] > > On Behalf Of Nick Petroni > > Sent: Tuesday, July 27, 2004 8:13 AM > > To: Bernard Aboba > > Cc: eap [at] frascone.com > > Subject: Re: [eap] Re: Issue 251 > > > > > 802.1X "canned" messages are encapsulated EAP packets. So > > an 802.1X > > > packet containing an EAP Success is expressly forbidden under RFC > > > 3748, even though I think it is still mentioned in IEEE > > 802.1X-2004. > > > Similarly, our discussion of whether "canned" EAP Failure > > is illegal > > > also applies to "canned" 802.1X packets. > > Ok, this was the source of my confusion. I guess I assumed > > that since they were in another standard they were going to > > be allowed for backwards compatibility or some other legacy > > argument. They are, indeed, still in the latest version, > > which was another source of my confusion. They are in the > > 802.1X SM diagrams, not just the text. > > > > Thanks, > > nick > > > > > > > > > _______________________________________________ > > eap mailing list > > eap [at] frascone.com > > http://mail.frascone.com/mailman/listinfo/eap > > > _______________________________________________ > eap mailing list > eap [at] frascone.com > http://mail.frascone.com/mailman/listinfo/eap >
- Re: Re: Issue 251, (continued)
-
Re: Re: Issue 251 Nick Petroni, July 27 2004
-
Re: Re: Issue 251 Bernard Aboba, July 27 2004
- Re: Re: Issue 251 Nick Petroni, July 27 2004
-
Re: Re: Issue 251 Bernard Aboba, July 27 2004
-
RE: Re: Issue 251 Congdon, Paul T (ProCurve), July 27 2004
- RE: Re: Issue 251 Nick Petroni, July 27 2004
- Re: Re: Issue 251 Jim Burns, July 27 2004
- Re: Re: Issue 251 Yoshihiro Ohba, July 28 2004
- Re: Re: Issue 251 Nick Petroni, July 28 2004
- Re: Re: Issue 251 Yoshihiro Ohba, July 28 2004
-
Re: Re: Issue 251 Nick Petroni, July 27 2004
Results generated by Tiger Technologies using MHonArc.