Re: Key derivation and the principle of equivalence
From: Yoshihiro Ohba (yohbatari.toshiba.com)
Date: Tue, 17 May 2005 00:57:33 -0400 (EDT)

On Thu, May 12, 2005 at 11:06:09PM -0700, Bernard Aboba wrote:
> > [Joe] I need some help with terminology here.  Isn't it that EAP is
> > spoken between the EAP peer and authenticator unless the authenticator
> > is running in pass-through mode in which case it is spoken between the
> > EAP peer and an EAP server?   If this is the case then we probably have
> > to adjust some of the terminology used below.
> 
> As defined in RFC 3748, the term "EAP server" applies in both the
> pass-through and non-pass-through cases.  Where there is no pass-through,
> the "EAP server" and "EAP authenticator" are the same entity.

Since the EAP authenticator is the entity that does timer-based
retransmission of EAP-Requests, it is pretty strange to me to hear
that the EAP server is one end of the EAP protocol.

My understanding of RFC 3748 is:

- EAP is a two-party protocol defined between a peer and an
authenticator.

- An EAP method is defined between a peer and a server.

- It is possible to implement the authenticator and the server in
different physical entities.

Yoshihiro Ohba
