RE: Basic facts about EAP
From: Pasi.Eronen (Pasi.Eronennokia.com)
Date: Thu, 28 Apr 2005 10:53:24 -0400 (EDT)
Bernard Aboba wrote:
>
> I have received a request that the following basic facts about
> EAP be posted to the EAP WG mailing list.
>
> a. EAP is a two party protocol, run between an EAP peer and
> server.  Saying EAP is an N-party protocol is like saying that
> TCP is an N-party protocol because TCP packets pass through
> routers.  Forwarding an EAP packet without modification does
> not cause an entity to become a "participant" in an EAP
> conversation any more than forwarding an IP packet turns a
> router into a host.

I fully agree. EAP is a two-party protocol between two entities.

However, EAP is always used as a component or "sub-protocol" in
a system which includes several other (sub-)protocols and
usually more than two entities.

I think one reason for the recent confusing discussions is that 
we do not have good _names_ for these systems and "mega-protocols".  
We do have the systems, though: whenever we're talking about 
N-party protocols or mentioning both EAP and RADIUS/Diameter/AAA 
in the same sentence, we're talking about some particular system
(that uses the EAP protocol somewhere in it, but includes much more).

And there's no single correct system, either. For instance, it's 
perfectly OK to have a system where both EAP server and RADIUS server 
are considered to be parts of a single logical entity. But nothing 
in the components (EAP or RADIUS) implies or forces this: it is 
this unnamed system that is making this definition. But since we 
don't have good names for these systems, it's easy to get a 
disagreement when two people are, in fact, talking of two different 
systems that happen to use EAP (or are arguing that there is or 
should be a single correct system, and no other systems are allowed
to use EAP).

Best regards,
Pasi
