Re: [AAA-WG]: Wrapping up Diameter EAP...

Yoshihiro Ohba <yohba@tari.toshiba.com> Wed, 12 May 2004 16:13 UTC

To: Bernard Aboba <aboba@internaut.com>
Cc: Pasi.Eronen@nokia.com, aaa-wg@merit.edu

On Wed, May 12, 2004 at 07:45:17AM -0700, Bernard Aboba wrote:
> A question:
> 
> RFC 3579 requires that a RADIUS client be able to differentiate one EAP
> session from another.  As we've been discussing in EAP WG, this may be
> tricky in the case where an EAP authentication is restarted via an
> EAPOL-Start message.
> 
> I don't see any text in this draft equivalent to RFC 3579, Section 2.6.1
> that describes how Diameter handles this problem.  I suspect that Diameter
> should be able to do better than RADIUS, but guidance on how the server
> should behave would be helpful.

Hmm, what is the exact definition of EAP session?

In section 4.1 of draft-ietf-eap-rfc2284bis-09.txt:

      "Since the Identifier space is unique to each session,
      authenticators are not restricted to only 256 simultaneous
      authentication conversations.  Similarly, with re-authentication,
      an EAP conversation might continue over a long period of time, and
      is not limited to only 256 roundtrips."

This text seems to indicate that an EAP session can span over multiple
rounds of re-authentication, and I don't think session identification
attributes do not have to change when reset or re-authentication
occurs.

Yoshihiro Ohba




> 
> On Wed, 12 May 2004 Pasi.Eronen@nokia.com wrote:
> 
> > Hi,
> >
> > I've posted an intermediate version of draft-ietf-aaa-eap-06.a
> > at http://www.cs.hut.fi/~peronen/eap/diameter_eap.html
> > together with a HTML diff from version -05.
> >
> > This is supposed to resolve all remaining open issues, but
> > I would encourage everyone to check if they are OK with
> > the changes.
> >
> > If I don't get any complaints, I'll post this as -06 some time
> > next week and ask the WG chairs to send it to the IESG.
> >
> > Best regards,
> > Pasi
> >