RE: questions on draft-mariblanca-aaa-eap-lla-00.txt

Nakhjiri Madjid-MNAKHJI1 <Madjid.Nakhjiri@motorola.com> Mon, 12 July 2004 20:08 UTC

Envelope-to: radiusext-data@psg.com
Delivery-date: Mon, 12 Jul 2004 20:08:26 +0000
Message-ID: <EBF631554F9CD7118D0B00065BF34DCB09EA1232@il27exm03.cig.mot.com>
From: Nakhjiri Madjid-MNAKHJI1 <Madjid.Nakhjiri@motorola.com>
To: "'jari.arkko@piuha.net'" <jari.arkko@piuha.net>, Nakhjiri Madjid-MNAKHJI1 <Madjid.Nakhjiri@motorola.com>
Cc: radiusext@ops.ietf.org, "David Mariblanca (EE/EEM)" <david.mariblanca@ericsson.com>
Subject: RE: questions on draft-mariblanca-aaa-eap-lla-00.txt
Date: Mon, 12 Jul 2004 15:08:15 -0500
MIME-Version: 1.0
Content-Type: text/plain

Hi Jari,

Thank you for your quick response. I guessed that the EAP-IKEv2 had some drafts behind it. Thank you for the links, I will look at those drafts.

As far as the attribute format on the EAP-message attribute, I understand the legacy deployment issues. I was just wondering how the new attribute datatypes discussions (a while ago) went on this list. I guess this is still part of the data model work.

BR,

Madjid

-----Original Message-----
From: Jari Arkko [mailto:jari.arkko@piuha.net]
Sent: Monday, July 12, 2004 2:01 PM
To: Nakhjiri Madjid-MNAKHJI1
Cc: radiusext@ops.ietf.org; David Mariblanca (EE/EEM)
Subject: Re: questions on draft-mariblanca-aaa-eap-lla-00.txt

Nakhjiri Madjid-MNAKHJI1 wrote:

> I can understand that one may want to signal the info on the
> kind of L2 that is carrying the EAP messages over the link
> from end device to Access node, so PPP and 802.1x make sense.

Yes.

> But what is the purpose of IKEv2 and PANA? Are we saying we
> expanded the L2 concept to L3 and EAP is carried over IKEv2
> for protection over the single hop?

The EAP concept has already been expanded from L2 to L3 with the
introduction of things like IKEv2 or PANA. But this is really
not related to David's draft -- the expansion comes from
documents such as draft-ietf-ipsec-ikev2-nn.txt or draft-ietf-
pana-pana-mm.txt.

By the way, such usage of EAP in IKEv2 is not necessarily
limited to a single hop.

> If yes, then why nothing on IKEv1? Would you care to explain?

Because there is no current specification which would extend
IKEv1 so that it could use EAP authentication. (PIC did something
like that but my understanding is that PIC work is no longer
alive; please feel free to correct me if I have been mistaken.)

> I also have a general question: RFC 3579 defines an EAP-message
> attribute for RADIUS with an IANA type of 79. So far I have not
> understood how grouping of attributes works for RADIUS, but it
> feels like the EAP-message attribute and L2 info attribute 
> should be grouped together somehow, especially if the attribute
> space is tight. Anybody cares to explain?

The problem is that EAP-Message has already been implemented
and deployed, so its hard to add anything into that attribute
without breaking everyone's devices.

--Jari

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Re: questions on draft-mariblanca-aaa-eap-lla-00.… Bernard Aboba
Re: questions on draft-mariblanca-aaa-eap-lla-00.… Jari Arkko
RE: questions on draft-mariblanca-aaa-eap-lla-00.… Nakhjiri Madjid-MNAKHJI1
Re: questions on draft-mariblanca-aaa-eap-lla-00.… Jari Arkko
RE: questions on draft-mariblanca-aaa-eap-lla-00.… Nakhjiri Madjid-MNAKHJI1
Re: questions on draft-mariblanca-aaa-eap-lla-00.… Jari Arkko
questions on draft-mariblanca-aaa-eap-lla-00.txt Nakhjiri Madjid-MNAKHJI1