eap Mailing List: Re: EAP failure: reasons?

[Madjid Nakhjiri (mnakhjiri]

Thanks for the response. Yes, I figured it probably goes through the method,
assuming the method supports it. Carrying something with TLS alert will
mean, the failure has to be conveyed before the final Failure packet for the
EAP-TLS.

Madjid

-----Original Message-----
From: Cao, Zhen [mailto:caozhen [at] infosec.pku.edu.cn] 
Sent: Thursday, January 18, 2007 8:56 PM
To: Madjid Nakhjiri; eap [at] frascone.com
Subject: Re: [eap] EAP failure: reasons?

Hi Madjid, 

In my opinion, the reason for failure may be indicated by the specific EAP
method, e.g., in EAP-TLS it is supported by the TLS alert protocol (carried
by EAP request messge). Since RFC3748 specifies that 'Success and Failure
packets MUST NOT contain additional data', it is only possible for the
specific EAP method to get around this. 

Many thanks,
Zhen
2007-01-19

-----Original Message-----
From: Madjid Nakhjiri caozhen [at] infosec.pku.edu.cn
Sent: 2007-01-19
To: eap [at] frascone.com
Subject: [eap] EAP failure: reasons?

>Hi,
>
> 
>
>Question from implementers forwarded to the list:
>
> 
>
>EAP Failure and Success messages do not carry any Type or type data. This
>means the reason for Failure cannot be indicated to the peer using Failure
>packet.
>
>Is it expected that the peer somehow within the EAP method finds out why
>things went wrong? 
>
>Is there anyway to get around this?
>
> 
>
>Thanks in advance,
>
> 
>
>Madjid
>
>
>_________________________________________________________________
>To unsubscribe or modify your subscription options, please visit:
>http://lists.frascone.com/mailman/listinfo/eap
>
>Arhives: http://lists.frascone.com/pipermail/eap