Re: Some questions about EAP Notifications
From: Jari Arkko (jari.arkkopiuha.net)
Date: Wed, 16 Feb 2005 08:37:07 -0500 (EST)

Hi Bernard,

* Is it legal to send an EAP Notification as the first message in an EAP
exchange? (e.g. before EAP-Request/Identity or an EAP-Request for an
authentication method)

I think so. See Section 5.2 of RFC 3748 (emphasis added):

   An authenticator MAY send a Notification Request to
   the peer *at any time* when there is no outstanding
   Request, prior to completion of an EAP authentication
   method.

Page 8 of draft-ietf-eap-statemachine-05.pdf seems to
confirm this, because allowNotifications is initialized
to TRUE.

* Is it legal to send an EAP Notification in response to an
EAP-Response/Identity?

I think so. See Section 5.1 of RFC 3748:


   The Notification Request MAY be used to indicate an invalid
   authentication attempt prior to transmitting a new Identity
   Request (optionally, the failure MAY be indicated within
   the message of the new Identity Request itself).

(The last part of this text is funny, however, because we have
no bit in the Identity Request to indicate such things. I think
the text means that the mere reception of a new Identity
Request means that the previous identity was invalid or insufficient.)

* After negotiation of an EAP authentication method is confirmed (e.g. an
EAP-Response with Type=X has been sent in response to an EAP-Request with
Type=X) is it possible to send an EAP Notification if the method
negotiated forbids notifications?  (e.g. can a Notification be sent after
the method completes,  instead of Success/Failure).

The answer that I found to this seems partial, but it is at least clear that if the method forbids notifications then the peer can't respond to them. By implication, if the server sends notifications then it will have to wait for the response and the process ends up in a timeout.

Section 5.2 of RFC 3748:

   The peer MUST respond to a Notification Request with a
   Notification Response unless the EAP authentication
   method specification prohibits the use of Notification
   messages.

--Jari
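
Added example, not part of the original message and not code from RFC 3748 or the state machine draft: a checker that walks a captured EAP exchange and flags Notification Requests that conflict with the Section 5.2 text quoted in the message. The function names, the `forbidding` parameter, the use of Type 255 as a stand-in for "Type=X", and the rule that only Success/Failure marks method completion are assumptions made for illustration.

```python
import struct

REQUEST, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4  # EAP Code values, RFC 3748
IDENTITY, NOTIFICATION, NAK = 1, 2, 3             # EAP Type values, RFC 3748
METHOD_X = 255  # Experimental Type, stands in for the "Type=X" method (assumption)

def eap(code, ident, typ=None, data=b""):  # builds the constructed sample packets
    body = (bytes([typ]) + data) if typ is not None else b""
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def parse_eap(pkt):
    """Return (code, identifier, type); type is None for Success/Failure."""
    if len(pkt) < 4:
        raise ValueError("short EAP header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    has_type = code in (REQUEST, RESPONSE)
    if not (5 if has_type else 4) <= length <= len(pkt):
        raise ValueError("bad EAP Length field")
    return code, ident, (pkt[4] if has_type else None)

def check_notifications(packets, forbidding=frozenset()):
    """Report Notification Requests that break the Section 5.2 text quoted above."""
    findings, outstanding, method, done = [], None, None, False
    for i, raw in enumerate(packets):
        code, ident, typ = parse_eap(raw)
        if code == REQUEST:
            if typ == NOTIFICATION:
                if outstanding not in (None, (ident, typ)):  # same id = retransmit
                    findings.append((i, "sent while another Request is outstanding"))
                if done:
                    findings.append((i, "sent after Success/Failure"))
                if method in forbidding:
                    findings.append((i, "method forbids Notification; expect timeout"))
            outstanding = (ident, typ)
        elif code == RESPONSE:
            if outstanding and outstanding[0] == ident:
                outstanding = None
            if typ > NAK:
                method = typ  # assumption: a Response of Type X confirms method X
        else:
            outstanding, done = None, True  # assumption: completion = Success/Failure
    if outstanding and outstanding[1] == NOTIFICATION and method not in forbidding:
        findings.append((len(packets), "Notification Request never answered"))
    return findings

# Constructed traces: Notification first, then one sent after method X is confirmed.
FIRST = [eap(REQUEST, 1, NOTIFICATION, b"hello"), eap(RESPONSE, 1, NOTIFICATION),
         eap(REQUEST, 2, IDENTITY), eap(RESPONSE, 2, IDENTITY, b"user")]
AFTER_X = FIRST[2:] + [eap(REQUEST, 3, METHOD_X), eap(RESPONSE, 3, METHOD_X),
                       eap(REQUEST, 4, NOTIFICATION, b"note")]
```

`check_notifications(FIRST)` returns no findings, matching the answer to the first question; `check_notifications(AFTER_X, forbidding={METHOD_X})` flags the last packet as one the peer cannot answer.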