On Tue, Feb 24, 2009 at 10:36 AM, Alan DeKok <aland@deployingradius.com> wrote:
Defining "progress" per EAP type may be difficult.
Indeed and that is why the hardcoded limit of round trips ended up being there in the first place.. ;-) Anyway, the most common issue case I've seen is where EAP server and peer end up sending TLS ACK messages in a loop and that would be easy to catch. Anyway, if this were to change at some point, I would assume there ends up being the default round trip limit and then some EAP type specific improvements to optimize that for the methods that need support for longer exchanges.
Yes, I recall those discussions related to TNC and NEA a while ago. From what I see in the standards now, there is no reason for *bulk* transfer of data over EAP. The TNC standards require pretty small data transfers.
Sure, no bulk data should be supported, but even TNC requires IF-TNCCS messages of up to 100 kilobytes in length which goes beyond the 50*1400 bytes or so (depending on max frame length) limit that is currently hardcoded in wpa_supplicant.
And even if wpa_supplicant is changed, it will be difficult to change the millions of AP's out there.
Well, I would hope that most APs don't have such limits on the EAP/EAPOL; this is supposed to be transparent data they are just proxying through.. Anyway, yes, if they do have a hard limit, there is not much that can be done to make this work with such a NAS. - Jouni