eap Mailing List: Re: Ordered delivery of EAP messages

[Bernard Aboba (bernard_aboba]

The primary situation is one where the RTO maintained by the authenticator 
is under-estimated, and an
EAP-Request has been retransmitted.

In this situation, an EAP-Response could arrive in response to a previous 
EAP-Request (e.g. a false retransmission occurred).   The authenticator will 
move on, choosing a new Identifier for the next EAP-Request.  This leaves 
two EAP-Requests in flight, and they could conceivably cross paths.

If the new EAP-Request arrives before the retransmitted one, when the 
retransmitted EAP-Request finally arrives, it will be taken as a new 
EAP-Request, which could disrupt the authentication in progress.


> Glen Zorn wrote:
>
> > My question is, since EAP is also a lockstep protocol, under what
> > conditions could EAP messages be delivered out of order, regardless
> > of lower layer behavior WRT in-order delivery?
>
> This was discussed as part of issue 188 a very long time ago :)
> Back then (October 2003), I wrote:
>
>   Lower layer ordering guarantees are needed because the Identifier
>   field is not required to be ordered. If messages can be reordered,
>   the peer can't necessarily distinguish a new EAP Request from a
>   reordered retransmission of an old request.
>
>   See http://www.ietf.org/internet-drafts/draft-ietf-pana-pana-02.txt,
>   Appendix A for a concrete example.
>
> Best regards,
> Pasi
> _________________________________________________________________
> To unsubscribe or modify your subscription options, please visit:
> http://lists.frascone.com/mailman/listinfo/eap
>
> Arhives: http://lists.frascone.com/pipermail/eap