Re: Basic facts about EAP
From: Jari Arkko (jari.arkkopiuha.net)
Date: Tue, 3 May 2005 08:52:21 -0400 (EDT)
Hi Joe,

I usually refer to the system as the "network access control system", though this works only when EAP is used where it was originally intended to be used. The system consists of clients, NASes, proxies, and servers, and has three main protocols:


- First hop, either on L2 (e.g. 802.11i) or L3 (e.g. PANA, IKEv2)
- AAA, running between NASes and servers in a fashion where
 the existence of the proxies is visible and known to the protocol
- EAP, running between the client and the servers, unaware
 of NASes unless channel bindings are being provided




[Joe] It would be better if EAP is unaware of NASes even if channel
bindings are being provided. If EAP methods are going to remain
agnostic of their lower layers then this sort of information should be
passed out of the EAP method for the encapsulating layer to deal with.


Yes, I think you are right. Let me try to rephrase:

- EAP, running between the client and the servers. EAP
 is unaware of NASes.

 NASes may be used for forwarding EAP messages back
 and forth, similar to how routers forward IP packets
 belonging to end-to-end TCP connections.

 Also, some information about the NAS may be exchanged
 over EAP between the peer and the server (this may happen
 irrespective of the NAS and the server being in the same node
 or not). Such information is typically opaque data from the
 point of view of EAP, since EAP is media independent.

--Jari
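
The forwarding role described in the message above, as an added example that is not part of the original post: a hypothetical pass-through NAS reads only the 4-byte EAP header (Code, Identifier, Length as laid out in RFC 3748) and relays everything after it untouched. The function names and the sample packets are constructed for illustration.

```python
import struct

# EAP Code values (RFC 3748, section 4).
REQUEST, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4


def build(code: int, identifier: int, body: bytes = b"") -> bytes:
    """Build a constructed sample EAP packet: 4-byte header plus opaque body."""
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body


def parse_header(packet: bytes):
    """Return (code, identifier, length) after validating the header only."""
    if len(packet) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError("Length field inconsistent with received octets")
    return code, identifier, length


def nas_forward(packet: bytes, from_peer: bool):
    """Hypothetical pass-through NAS: return (destination, packet) or None.

    Type and Type-Data are never parsed here. Whatever the method carries,
    including any information about this NAS exchanged between peer and
    server, is relayed as opaque bytes.
    """
    try:
        code, _identifier, length = parse_header(packet)
    except ValueError:
        return None  # malformed header: drop
    relayed = packet[:length]  # octets past Length are lower-layer padding
    if from_peer:
        # A peer only originates Responses; other codes are dropped.
        return ("server", relayed) if code == RESPONSE else None
    # From the AAA side, Request, Success and Failure go to the peer.
    return ("peer", relayed) if code in (REQUEST, SUCCESS, FAILURE) else None


if __name__ == "__main__":
    # Constructed sample: a Response whose body the NAS never interprets.
    sample = build(RESPONSE, 7, b"\x01alice")
    print(nas_forward(sample, from_peer=True))
    print(nas_forward(build(REQUEST, 7, b"\x01"), from_peer=True))
```
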

