[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

EAP requestor for Initiator

To: ipsec@lists.tislabs.com
Subject: EAP requestor for Initiator
From: Tom Hu <tomhu@cisco.com>
Date: Tue, 21 Oct 2003 18:14:49 -0700
Reply-To: tomhu@cisco.com
Sender: owner-ipsec@lists.tislabs.com

Hi all,

In the ikev2 draft, explicitely describes EAP request initiated from
Responder. Is it legit to have EAP request initiated from Initiator?
Please see the below exchange. Is this against IKEv2 protocol?

Note: when I said EAP requestor, it means that the node sends the first
EAP packet.


  Initiator                          Responder
 -----------                        -----------
  HDR, SAi1, KEi, Ni         -->
                              <--    HDR, SAr1, KEr, Nr, [CERTREQ]

  HDR, SK {IDi, [CERTREQ,] [IDr,]
           SAi2, TSi, TSr}   -->
                              <--    HDR, SK {IDr, [CERT,] AUTH}
  HDR, SK {EAP, [AUTH]}      -->
                              <--    HDR, SK {EAP, [AUTH]}

  HDR, SK {EAP, [AUTH] }     -->
                              <--    HDR, SK {[AUTH], SAr2, TSi, TSr }

Thanks,

Tom Hu

Follow-Ups:
- Re: EAP requestor for Initiator
  - From: Yoav Nir <ynir@CheckPoint.com>

Prev by Date: RE: 2401bis-00 submitted to IETF
Next by Date: RE: SPD issues
Prev by thread: 2401bis issue status
Next by thread: Re: EAP requestor for Initiator
Index(es):
- Date
- Thread