Re: [Emu] EAP and Transport Protocol

Alan DeKok <aland@deployingradius.com> Mon, 01 April 2019 11:16 UTC


On Mar 8, 2019, at 5:51 PM, Dr. Pala <director@openca.org> wrote:
> 
> being fairly new to the EAP world, I noticed that in some environments, EAP is layered on top of other protocols - in particular RADIUS and DIAMETER.

  EAP was originally over PPP.  Now it's mostly RADIUS.  There may be increasing use in the Diameter space.

> I guess that in some environments this makes sense because of accounting purposes across operators, however this makes the protocol stack quite complicated.

  For TTLS, it can be:

* Ethernet
* IP
* UDP
* RADIUS
* EAP
* EAP-TTLS
*  TLS
*  EAP
*  EAP-MSCHAPv2
*  MSCHAPv2 credentials

  Yes, it's complicated.

> In particular, I was working on the definition of a PAM module to provide SSH credentials delegation and I wanted to use EAP - however, I could not find an implementation of EAP-over-TLS that could be easily used.

  hostap.  It has both client and server implementations of most EAP types.  See also "eapol_test" for an example of integrating it into a simple application.

  There's really no other choice.

  Open Source implementations of EAP are few and far between.  On the server side, it's only hostap and FreeRADIUS.  On the client side, it's hostap.

  There used to be "xsupplicant" and "open1x" on the client side, but those have been dead for 10 years.

> In particular, the use of the 

  Early truncation?

  Alan DeKok.