On Fri, 28 Jul 2023, at 10:30, josh.howl...@gmail.com wrote:
> The fragmentation issue that Heikki mentions is specific to EAP over RADIUS,
> where RADIUS is using UDP transport. It isn’t a property of EAP itself, and
> so I don’t follow why this makes EAP impractical for IoT.
As the underlying transport may have a *much* small framing window; Ethernet
has a frame size but it is large enough for no one to need care about it.
When using IPv6 you know you will get at least 1280 bytes, for IPv4 it it at
least ~500 bytes (I cannot remember the actual value). For whatever transport
the IoT network is, this may be <100 bytes.
For example if IoT went over ATM (ze gods!) then it would require fragmenting
at 48 bytes. You could have the ATM layer do this, but if your application
knows what that boundary is it is better to do at the higher level. This is the
reason why with RADIUS we do not just send a 15kB byte single UDP packet and
have IP fragments pinging around; plus many networks now block fragments at
their boundaries too.
I do not think EAP itsself is 'unsuitable', I think it potentially makes many
of the methods as Heikki flagged a little tricky to work with.
You need look no farther than IPv6 inside of a Wireguard tunnel to see these
kind of problems; packet too big messages are just blackholed so go luck doing
TLS without MSS clamping or pushing down your general MTU. Its like ECN and MTU
blackholes of the early 2010's all over again... :(
Cheers
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
