Question on EAP statemachine
From: Mahesh Kelkar (mkelkarrocketmail.com)
Date: Tue, 28 Jun 2005 11:04:54 -0400 (EDT)
EAP conversation starts when the EAP-server sends the
EAP-start packet to the peer and it ends when the
EAP-server sends the EAP-success or EAP-failure packet to
the peer. As per RFC 3748, only one authentication method
is allowed to be negotiated within this conversation.

Consider a case, where 
1. EAP-server (E1) authenticates the peer by negotiating
the EAP authentication method (say, A1) and sends the
EAP-success (with an identifier value, say 10). 
2. Another EAP-server (E2) is in the network
3. Let's assume that E1 can communicate some EAP negotiated
information to the E2

Question 1:

Can EAP-server (E2) start a new EAP negotiation with the
peer by sending an Identity request packet or an EAP-start
packet? 

Thus, the peer would receive an EAP-success packet followed
by an EAP Identity request or an EAP-start packet.

Question 2:
What should the EAP-server (E2) send to the peer in order
to rekindle the negotiation? an EAP identity request or
EAP-start packet? 

If E1 has already conveyed the user-identity (or contents
of Type-Data field in the EAP Identity response) to E2 then
E2 can skip the identity exchange and proceed with the
EAP-start packet. It can help us save the user interaction.

Question 3:
What should be the identifier value of the EAP identity
request or the EAP-start packet? (11?, if identifier value
of the earlier EAP-success was 10) or (any value, say 1)

Question 4:
Can EAP-server (E2) negotiate a different EAP
authentication method (say, A2) with the peer?

I could not discern this information from the peer
state machine and wanted to touch base with you since a lot of
peer implementations would be based on it.

Your responses are appreciated.

Thanks
Mahesh


+++++++++++++++++++++++++++++
 M a h e s h  V  K e l k a r


                