dot1x specification EAPOL-Logoff clarification
Alan DeKok
aland at deployingradius.com
Wed Apr 30 17:02:24 CEST 2008

Artur Hecker wrote:
> That's what I meant. You could actually map this to a virtual interface
> (a signaling channel) and put the whole mobility things, network and
> service discovery, etc. on it: handoffs, mDNS, UPnP, whatever, to
> discover where you are and what it is. All that signed / encrypted with
> the authentication keys, previously established.

Yes. There are limitations, of course, but it should pretty much work...

> 1. The IETF's EAP-WG does not want it. EAP is authentication, not a
> generic transport.

Yes, but... if it works, people will use it. I'm also the co-chair of
the EAP Method Update (EMU) WG, though I can't (of course) use that
position for nefarious gains...

> 2. Even if it is ok for an Enterprise network, it is not ok for the
> Internet, which IETF is responsible for. It means indeed a different
> access model. The local provider becomes a bit too mighty in this
> configuration, so it cannot become a generic standard. This has been
> recently discussed at HOKEY, I believe.

The NEA WG is chartered *specifically* for the enterprise.
Realistically, the difference between the Internet and the corporate net
is disappearing.

Alan DeKok.

More information about the Freeradius-Users mailing list