eap-3----Page:5
1  2  3  4  5  6  7 

Issue #TBD(Submitted by Glen Zorn) Issue: The document is fuzzy about the role of AAA server/proxy with respect to handling EAP-Identity/Request and Response in section 2 Resolution: it is my understanding that the EAP-aware AAA proxy/server [RFC3579] in the access network can send EAP-Request/Identity within an Access-Challenge. Revised Text for section 2.0: “The EAP authenticator MAY send an identity hint to the peer in the initial EAP-Request/Identity. If the identity hint is not sent initially (such as when the authenticator does not support this specification), then if the local EAP-aware AAA proxy/server implementing this specification receives an AAA Request packet with an unknown realm, it SHOULD reply with an EAP-Request/Identity containing an identity hint. For example, in case of RADIUS, if the EAP-aware RADIUS proxy/server [RFC 3579] receives an Access-Request packet with an unknown realm in the UserName(1) attribute, then it can reply with an EAP-Request/Identity containing an identity hint within an Access-Challenge packet. See "option 3" in the appendix for the message flow diagram.” Status: Discuss

PPT Version