Re: Basic facts about EAP
From: Jari Arkko (jari.arkkopiuha.net)
Date: Fri, 29 Apr 2005 07:13:09 -0400 (EDT)
Bernard Aboba wrote:

And there's no single correct system, either. For instance, it's
perfectly OK to have a system where both EAP server and RADIUS server
are considered to be parts of a single logical entity. But nothing
in the components (EAP or RADIUS) implies or forces this: it is
this unnamed system that is making this definition. But since we
don't have good names for these systems, it's easy to get a
disagreement when two people are, in fact, talking of two different
systems that happen to use EAP (or are arguing that there is or
should be a single correct system, and no other systems are allowed
to use EAP).



Do you have a suggestion for how we might clarify the usage?


I usually refer to the system as the "network access control
system", though this works only when EAP is used where
it was originally intended to be used. The system consists
of clients, NASes, proxies, and servers, and has three main
protocols:

- First hop, either on L2 (e.g. 802.11i) or L3 (e.g. PANA, IKEv2)
- AAA, running between NASes and servers in a fashion where
 the existence of the proxies is visible and known to the protocol
- EAP, running between the client and the servers, unaware
 of NASes unless channel bindings are being provided

--Jari

