Ordered delivery & duplicate rejection aren't the same thing.
In general, that's true. But if you have an ACK/NAK protocol that only allows a single packet in flight other than retransmissions, doesn't effective duplicate rejection imply ordered delivery?
Suppose that the conditions you specify are met for the EAP peer and authenticator, as well. Does that solve the problem?
If EAP were to implement duplicate rejection within a short time window, yes that would solve the problem. We discussed this during the development of RFC 3748, partly out of the desire to reconcile EAP with IEEE 802.1X-2001 which utilized a monotonically increasing Identifier field. During that discussion we found that there were EAP implementations (such as the Solaris version, as I recall) that did not implement a duplicate rejection window. That is how the ordering guarantee found its way into RFC 3748, so as to guarantee that those implementations would work.
-- to unsubscribe send a message to radiusext-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: <http://psg.com/lists/radiusext/>