-----Original Message-----
From: Emu <emu-boun...@ietf.org> On Behalf Of Rick van Rein
Sent: Wednesday, April 22, 2020 12:52 AM
To: Alan DeKok <al...@deployingradius.com>
Cc: EMU WG <emu@ietf.org>
Subject: Re: [Emu] Proposal: SASL over EAP
Hi Alan / EMU,
I'll try to talk to Paul @ SURF about Diameter <--> RADIUS; he runs Eduroam
and I think he has mentioned Diameter before. Our use case is completely
new anyway, so we have a free choice.
Good to hear that EAP-SASL sounds implementable. We haven't built it, but I
usually "mentally program" the stuff while spec'ing.
> The concern is that the document does not explain *who* would use this
solution, or *why* they would use it. Or, why it would be used instead of
existing EAP methods.
I can add that, thanks for asking. There are WG's where I've been requested
to remove such contextual aspects.
> The ABFAB working group standardized precisely this many years ago. One
implementation is Moonshot:
>
> https://www.jisc.ac.uk/rd/projects/moonshot
I know about Moonshot, and that the project was abandoned. What it does iss
the reverse; Moonshot runs EAP on top of GSS-API / SASL, whereas I am
proposing SASL on top of EAP.
[JLS] I am a bit surprised at hearing this is abandoned given that they
released an update of the software on the 20th of April
> They demonstrated roaming users authenticating to home networks using
EAP over AAA. Not just for network access, but for SSH, Web login, etc. It
would be good to explain why ABFAB is not applicable to this problem.
That is fair crisicism, and I will think it over for a new version.
Thanks for the input, they are good input to a new version. I'll think
about a few for a while, as that usually helps to better balance things.
-Rick
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
