Artur Hecker wrote:
That's what I meant. You could actually map this to a virtual interface (a signaling channel) and put the whole mobility things, network and service discovery, etc. on it: handoffs, mDNS, UPnP, whatever, to discover where you are and what it is. All that signed / encrypted with the authentication keys, previously established.
Yes. There are limitations, of course, but it should pretty much work...
1. The IETF's EAP-WG does not want it. EAP is authentication, not a generic transport.
Yes, but... if it works, people will use it. I'm also the co-chair of the EAP Method Update (EMU) WG, though I can't (of course) use that position for nefarious gains...
2. Even if it is ok for an Enterprise network, it is not ok for the Internet, which IETF is responsible for. It means indeed a different access model. The local provider becomes a bit too mighty in this configuration, so it cannot become a generic standard. This has been recently discussed at HOKEY, I believe.
The NEA WG is chartered *specifically* for the enterprise. Realistically, the difference between the Internet and the corporate net is disappearing. Alan DeKok.