| RE: Re: IEEE 802.16e EAP usage modes | <– Date –> <– Thread –> |
From: Bakshi, Sanjay (sanjay.bakshi intel.com)
|
|
| Date: Thu, 7 Apr 2005 21:53:34 -0400 (EDT) | |
Bernard,
Starting a new thread as promised...
Please see my comments below.
Thanks,
sanjay
> Issues that come to my mind are
> a) MTU discovery
> For the minimum MTU of 1020 specified in RFC3748 can be used
EAP can't do MTU discovery, per se. Are you saying that a minimum MTU
of 1020 is always available?
<<sanjay>> Per RFC MTU of 1020 is the minimum that should be supported
> b) Channel Binding
> Are there any EAP methods that implement this?
Yes, there are methods that are capable of this. The EAP peer and
server verify that the "authenticator" they see is offering the same
information to each of them. For example:
Authenticator MAC address as seen by peer = Called-Station-ID in
Access-Request
SSID as seen by peer = SSID in Access-Request
NAS-Identifer as seen by peer = NAS-Identifier in Request
<<sanjay>> So is it fair to say that channel binding is a way to verify
the identity of the authenticator. It seems it directly does not really
have to do anything with the lower layer used to communicate between
peer and authenticator. Lower layer just happens to have some attributes
such Authenticator MAC that help identify the Authenticator?
Also it seems there is an implicit assumption that for channel binding
to work as per rfc3748, either the peer needs to know the identity of
the authenticator up front or an authenticator should be able to
advertise its identity to securely somehow?
Also can you give me examples of EAP-methods that support channel
binding?
> It is not clear to me how Channel Binding is implemented when pass-
> thru authenticator is in use. This because the Channel (lower
> layer) between peer and pass-thru authenticator is different from the
> lower layer between pass-thru authenticator and AAA backend that
> execute the EAP method.
I'm not sure why this would affect Channel bindings.
<<sanjay>> I agree with you.
- RE: Re: IEEE 802.16e EAP usage modes, (continued)
-
RE: Re: IEEE 802.16e EAP usage modes Bakshi, Sanjay, April 5 2005
- RE: Re: IEEE 802.16e EAP usage modes Bernard Aboba, April 6 2005
-
RE: Re: IEEE 802.16e EAP usage modes Jeff Mandin, April 6 2005
- RE: Re: IEEE 802.16e EAP usage modes Bernard Aboba, April 6 2005
- RE: Re: IEEE 802.16e EAP usage modes Bakshi, Sanjay, April 7 2005
- RE: Re: IEEE 802.16e EAP usage modes Bernard Aboba, April 10 2005
-
RE: Re: IEEE 802.16e EAP usage modes Bakshi, Sanjay, April 5 2005
-
Re: IEEE 802.16e EAP usage modes Jeff Mandin, April 8 2005
- RE: Re: IEEE 802.16e EAP usage modes Alper Yegin, April 8 2005
- Re: IEEE 802.16e EAP usage modes Bernard Aboba, April 8 2005
Results generated by Tiger Technologies using MHonArc.