eap Mailing List: RE: [Issue 297] Review of Identity Selection -12

[Adrangi, Farid (farid.adrangi]

Thanks!  

Are you suggesting that RFC 2607 needs to be updated for use with EAP?
If so, are we making that as a dependency for our Identity selection
draft?  

BR,
Farid

> -----Original Message-----
> From: Bernard Aboba [mailto:aboba [at] internaut.com] 
> Sent: Monday, April 25, 2005 9:07 AM
> To: Adrangi, Farid
> Cc: eap [at] frascone.com
> Subject: RE: [eap] [Issue 297] Review of Identity Selection -12
> 
> 
> > section 5.1 says that proxy must reply with Access-Reject or
> > Access-Challenge -- so why do you consider that additional proxy
> > behavior?
> > Thanks,
> > Farid
> 
> RFC 2607 doesn't say what is contained in the Access-Reject (probably
> because it was written before use of EAP became popular).  
> Back in those
> days, an Access-Reject would probably just contain a Reply-Message
> attribute with an error message, or maybe nothing at all.  However,
> Reply-Message was deprecated in RFC 3579, so that won't work with EAP.
> 
> Therefore the portion of the document that refers to acceptable
> proxy behavior in response to an unknown realm in an Access-Request
> containing EAP-Message attributes probably should be followed by all
> RADIUS proxies.  It's a clarification of RFC 2607 for use with EAP.
>