
Eap STate machinE dEsign teaM (ESTEEM)



  1. Eap STate machinE dEsign teaM (ESTEEM)

     Draft
     http://www.ietf.org/internet-drafts/draft-ietf-eap-esteem-00.txt

     Team members
     Bernard Aboba, Jari Arkko, Paul Congdon, Rodrigo Garces, Robert Moskowitz, Yoshihiro Ohba, Bryan Payne, Nick Petroni, Joseph Salowey, John Vollbrecht, Jesse Walker, Glen Zorn

     Goal
     Fix state machine so that it is compatible with IEEE 802.1aa and RFC 2869 Bis, and that it correctly handles optional identity exchange, method sequences, re-authentication, retransmission, ...

     Operation
     Position papers, weekly conferences, minutes, esteem draft, input to issues and state machine drafts

  2. ESTEEM Position Papers

     • Issues with the EAP State Machine (Yoshihiro Ohba)
     • Comparison of EAP state machines with RFC 2284bis (Bryan Payne, Nick Petroni)
     • EAP State Machine Completeness (Jari Arkko)
     • When can notif/nack/... be sent? (Bernard Aboba)
     • Communication between the Method and EAP layer (Bernard Aboba)
     • EAP switch and multiple methods (John Vollbrecht)

  3. ESTEEM Decisions

     Basic issues
     • Allow notification in any state; can’t be Nakked
     • EAP layer (not method) handles duplicate detection and id numbers (#25)
     • Follow IEEE 802.1aa format in state machine definition

     Identity requests
     • Identity request/response can only appear between methods
     • Our preference is that identity requests be optional.
     • Leaning towards making Nak disallowed for Identity Request

     Success and failure indications
     • If an authenticated indication exists, should not believe alternative indications
     • Link-layer indications provided to EAP MUST be processed (#2)
     • Unprotected success indications are only accepted after method is complete (#2)
     • Peers should be able to accept Failure in unauthenticated state
     • Authenticated indications require support for sequences or tunnels (#10)

     Sequences
     • Methods can’t be executed in parallel; Nak if received
     • No pre-negotiation of method sequencing capability, just Nak afterwards (#7)
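
The peer-side rules from slide 3, as a simplified model added here for illustration; it is not the state machine from the ESTEEM draft. The class name `PeerModel`, the method names "A" and "B", the returned action strings, and the choice to silently discard a message that breaks a rule are assumptions.

```python
class PeerModel:
    """Toy EAP peer that applies the slide-3 decisions to incoming messages."""

    def __init__(self, supported):
        self.supported = set(supported)  # hypothetical method names the peer implements
        self.active = None               # method in progress; None means "between methods"
        self.method_done = False         # True once some method has run to completion
        self.protected = None            # "success"/"failure" if the method authenticated its result

    def on_request(self, req_type):
        if req_type == "notification":
            return "respond"             # allowed in any state, never answered with a Nak
        if req_type == "identity":
            # Identity exchange only between methods; dropping it otherwise is an assumption.
            return "respond" if self.active is None else "discard"
        if self.active is None:
            if req_type not in self.supported:
                return "nak"
            self.active = req_type       # start a new method
            self.protected = None
            return "respond"
        # A different method while one is running would be parallel execution: Nak it.
        return "respond" if req_type == self.active else "nak"

    def method_finished(self, protected_result=None):
        """Called by the method layer; protected_result is its authenticated indication, if any."""
        self.active = None
        self.method_done = True
        self.protected = protected_result

    def on_success(self):
        """Unprotected Success packet."""
        if self.active is not None or not self.method_done:
            return "discard"             # only accepted after the method is complete
        if self.protected == "failure":
            return "discard"             # authenticated indication outranks the packet
        return "accept"

    def on_failure(self):
        """Unprotected Failure packet; acceptable even before any authentication."""
        if self.protected == "success":
            return "discard"             # do not believe an alternative indication
        return "accept"
```

The `on_success` check is the security-relevant one: an injected unprotected Success that arrives before or during a method never moves the peer to an authenticated state.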
