On Thu, 29 Jan 2015, Valery Smyslov wrote:
In conclusion, is the following text OK?
ID_NULL is primarily intended to be used with the NULL
Authentication, but it MAY also be used in other situations, when the
content of Identification payload does not matter. For example,
ID_NULL can be
Fine with me.
Yaron
On 01/29/2015 04:35 PM, Valery Smyslov wrote:
Valery Smyslov writes:
I don't see how this can be done without breaking existing
implementations, and therefore I am unhappy with the new sentence in
-03, "Another example is EAP authentication when the client
identity
Valery Smyslov writes:
I don't see how this can be done without breaking existing
implementations, and therefore I am unhappy with the new sentence in
-03, "Another example is EAP authentication when the client identity in
ID payload is not used." A responder that receives a new, unknown ID
type
Valery Smyslov writes:
> > I don't see how this can be done without breaking existing
> > implementations, and therefore I am unhappy with the new sentence in
> > -03, "Another example is EAP authentication when the client identity in
> > ID payload is not used." A responder that receives a new,
Hi Yaron,
The text in RFC7296 specifically does not limit the uses of EAP
identities more than that "SHOULD NOT" just because we wanted to leave
things open so different implementations can do whatever is suitable
for them.
That's why I think that ID_NULL can be used as IDi
in case of EAP - th
The text in RFC7296 specifically does not limit the uses of EAP
identities more than that "SHOULD NOT" just because we wanted to leave
things open so different implementations can do whatever is suitable
for them.
That's why I think that ID_NULL can be used as IDi
in case of EAP - this usage d
It is fully legal for NAS to send EAP Identity request and
not use IKE Identity. Then, many modern EAP methods
(like EAP-TLS) have their own means to exchange Identities
within the method, and in this case the initial IKE Identity becomes
almost useless.
And for some EAP libraries getting rid of
Valery Smyslov writes:
> > Nope. The IKE ID payloads need to be used, and the EAP identity
> > request and response SHOULD NOT be used (from RFC7296 section 3.16):
> >
> > Note that since IKE passes an indication of initiator identity in the
> > first message in the IKE_AUTH exchange, the res
I changed a subject field.
Valery Smyslov writes:
Hi Tero,
> On the other hand same section says that ID_NULL SHOULD only be used
> with NULL authentication method. In which scenarios do you think
> ID_NULL can be used when using normal authentication? I.e. which is
> the exception for the SHO