Legacy/Expanded NAK responses in RFC 3748.
From: Uma Shankar Ch (umas
Date: Wed, 13 Oct 2004 02:51:14 -0400 (EDT)
Can anybody help me understand and answer some basic queries on Legacy/Expanded NAK responses in RFC 3748?
CASE I.
When a peer supports neither any expanded methods nor expanded NAK responses.
Mx : Method x
1: <--- EAP-Request/Start/M1
2: ---->EAP-Response/NAK/M3,M4,M5
3: <--- EAP-Request/Method-Type =254 (As the server can't accept any of the methods (M3,M4,M5) specified by the peer, it resorted to an expanded type request by setting the type as 254 in the EAP Request)
4: ----> EAP-Response/NAK/0
1. Are the above message transactions valid?
a. What I am seeing here is, can the EAP server make an Expanded NAK request as shown in 3: even when the NAK response in 2 hasn't indicated 254 in it?
b. Just to confirm, for expanded type requests, the peer can send a NAK Response as per section 5.3.1.
c. Answers for the above two are YES, I am not able to understand the statement made in section 5.3.2
"The Expanded Nak Type is valid only in Response messages."
Am I missing anything here?
CASE II.
When a peer supports one expanded method (EM1), IETF methods M3, M4 and also supports expanded NAK responses.
Mx : Method x
1: <--- EAP-Request/Start/M1
2: ---->EAP-Response/NAK/M3,M4,254
3: <--- EAP-Request/Method-Type =254
4: ----> EAP-Response/ENAK/Vendor-ID = 10,Method = EM1
1. Now, say the server can't support even EM1; what is the exact sequence here so that the connection closes gracefully?
CASE III.
When a peer supports one expanded method (EM1), IETF methods M3, M4 and also supports expanded NAK responses.
Mx : Method x
1: <--- EAP-Request/Start/M1
2: ---->EAP-Response/NAK/M3,M4,254
3: <--- EAP-Request/Method-Type =254
4: ----> EAP-Response/ENAK/Vendor-ID = 10,Method = EM1
5: <--- EAP-Request/Start/EM1 (As the server accepted the vendor-specific method EM1)
1. Are the above message transactions valid?
CASE IV. Is there any possibility of multiple NAK responses which the server needs to honor?
*** One possible case is as shown in CASE I, messages 2 and 4.
In any other case it would become a DoS, or I am not able to visualize any other where I happen to select the method in the second NAK Response.
--Uma
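
An added example, not part of the original message: a Python parser for the two Nak encodings the cases above exchange, following the packet layouts in RFC 3748 sections 5.3.1 (legacy Nak, Type 3) and 5.3.2 (Expanded Nak, Type 254 with Vendor-Id 0 and Vendor-Type 3). The helper names, the Identifier values, the use of type values 4 and 5 for M3 and M4, and Vendor-Type 1 for EM1 are assumptions made for the sample packets.

```python
import struct

RESPONSE, NAK, EXPANDED = 2, 3, 254  # EAP Code 2; Types 3 and 254 (RFC 3748)

def eap(code, ident, eap_type, data=b""):
    """Build an EAP packet: Code, Identifier, Length, Type, Type-Data."""
    return struct.pack("!BBHB", code, ident, 5 + len(data), eap_type) + data

def parse_nak(pkt):
    """Return (kind, [(vendor_id, method_type), ...]); (0, 0) = no alternative."""
    if len(pkt) < 5:
        raise ValueError("too short for EAP header plus Type")
    code, _ident, length, eap_type = struct.unpack("!BBHB", pkt[:5])
    if length < 5 or length > len(pkt):
        raise ValueError("bad Length field")
    data = pkt[5:length]  # octets past Length are link padding, ignored
    if eap_type == NAK:
        if code != RESPONSE:
            raise ValueError("Nak is valid only in Response messages")
        if not data:
            raise ValueError("legacy Nak needs at least one type octet")
        return "legacy", [(0, t) for t in data]
    if eap_type != EXPANDED or len(data) < 7:
        raise ValueError("not a Nak")
    # Expanded type header: 3-octet Vendor-Id, 4-octet Vendor-Type
    vendor = int.from_bytes(data[:3], "big"), int.from_bytes(data[3:7], "big")
    if vendor != (0, NAK):
        raise ValueError("expanded type, but not an Expanded Nak")
    if code != RESPONSE:
        raise ValueError("Expanded Nak is valid only in Response messages")
    entries = data[7:]
    if not entries or len(entries) % 8:
        raise ValueError("Expanded Nak needs whole 8-octet entries")
    out = []
    for i in range(0, len(entries), 8):
        if entries[i] != EXPANDED:
            raise ValueError("each entry must start with Type 254")
        out.append((int.from_bytes(entries[i + 1:i + 4], "big"),
                    int.from_bytes(entries[i + 4:i + 8], "big")))
    return "expanded", out

# Constructed samples: types 4 and 5 stand in for M3 and M4, Vendor-Type 1 for EM1.
CASE1_MSG4 = eap(RESPONSE, 2, NAK, bytes([0]))
CASE2_MSG2 = eap(RESPONSE, 1, NAK, bytes([4, 5, 254]))
CASE2_MSG4 = eap(RESPONSE, 2, EXPANDED, bytes.fromhex("000000" "00000003" "fe" "00000a" "00000001"))

if __name__ == "__main__":
    for name in ("CASE1_MSG4", "CASE2_MSG2", "CASE2_MSG4"):
        print(name, parse_nak(globals()[name]))
```
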