Re: [eap] Questions for draft-barany-eap-gee-01

From: Yoshihiro Ohba (yohba
Date: Wed, 14 Jun 2006 07:40:56 -0700 (PDT)

Parallel EAP exchanges must be a functionality of EAP lower layer, not a shim layer like GEE because RFC 3748 and RFC 4137 do not assume a shim layer between EAP layer and lower layer. Introducing a shim layer heavily impacts on existing lower layer deployments and we must avoid it. I never figure out how GEE can work with IEEE 802.1X that does not allow shim layer on top of it.

There are several lower layers that already define serial EAP exchanges, PANA, IKEv2 (draft-eronen-ipsec-ikev2-multiple-auth-01.txt) and IEEE 802.16e. Those lower layers can also define parallel EAP exchanges.

Yoshihiro Ohba

On Tue, Jun 13, 2006 at 11:18:36AM -0700, Narayanan, Vidya wrote:
> > > >>GEE is not a general purpose authentication protocol. It is a generic
> > > >>EAP encapsulation mechanism that allows demultiplexing of multiple
> > > >>simultaneous EAP conversations between a peer and an authenticator.
> > > >>You say that the draft does describe the MVNO scenarios well, so I
> > > >>guess we can safely conclude that it does its job then.
> > > >Yes, I know GEE allows demultiplexing multiple EAP conversation. AFAIK,
> > > >MVNO is currently the only application for GEE. Do you have any other
> > > >application in your mind?
> >
> > Here no reply for author's company,
> > so I suppose there will be no any other applications existed.
> > it means GEE could only be used for network access scenario,
> > and doesn't support any service.
> > It also means EAP demultiplexing is only needed for network access.
> > So the application will be quite narrow,
> > I could not understand why this solution could be accepted by WG.
> >
>
> GEE is not an authentication protocol, as you have correctly understood.
> Anything that requires parallel runs of two EAP sessions can use GEE -
> the only lower layer that doesn't need this is IKEv2 (since it does much
> beyond functioning just as an EAP lower layer). All other lower layers
> need a mechanism like GEE to demultiplex the parallel EAP exchanges.
> Examples of usage scenarios can be MVNO-based network access, device and
> user authentication, etc. The MVNO case has been identified as the one
> that immediately requires a solution - hence, GEEv0 has been tailored
> for this. However, the protocol has been written in an extensible manner
> (the current draft has details on how GEEv1 can extend the protocol for
> generic multiple EAP authentications) - so, future versions of GEE can
> support multiple EAP exchanges for other purposes as well.
>
> Hope that helps.
>
> Regards,
> Vidya
> _________________________________________________________________
> To unsubscribe or modify your subscription options, please visit:
> http://lists.frascone.com/mailman/listinfo/eap
>
> Archives: http://lists.frascone.com/pipermail/eap