Re: [eap] Ordered delivery of EAP messages

[Alan DeKok <aland@nitros9.org>]

Alper Yegin wrote:
> EAP gets confused if it ever receives packets out of order.

  Are we saying that the individual EAP methods do not need to catch
invalid state transitions?

> Given that EAP is a lock-step protocol, any one of the three remedies is
> sufficient to ensure packets never get out of order:
> 
> 1-  EAP lower layer ensures ordering
> 2a- EAP lower layer eliminates duplicates
> 2b- EAP eliminates duplicates
> 
> Having more than one of the remedies is not necessary.

  Yes.

> RADIUS does not talk about 1, does not properly mandate 2a.

  Yes.  That will be fixed in the next release of the Issues & Fixes draft.

> If we decide to go with 2a, we need to fix RADIUS spec. Meanwhile, can we
> assume all of the current RADIUS implementations are already supporting 2a,
> so that in the absence of 1 and 2b EAP works well?

  No.

  While all non-toy RADIUS implementations I'm aware of already do
duplicate detection, this has nothing whatsoever to do with EAP.  There
are EAP-only servers, and those servers MUST ALSO perform duplicate
detection, or an approach with similar results.  This mandate needs to
be part of the EAP specification.

  The RADIUS spec will be fixed independently of EAP, but at the same
time, for the same reasons.

  Alan DeKok.


--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>