
Re: EAP requestor for Initiator



In the remote-access scenario, the client is always the initiator.  In 
EAP, the gateway (or "authenticator") is always the initiator.  How can 
it be that the IKE initiator will also initiate the EAP?  Which is the 
client, and which is the gateway?

On Wednesday, October 22, 2003, at 03:14 AM, Tom Hu wrote:

> Hi all,
>
> The ikev2 draft explicitly describes the EAP request as initiated from the
> Responder. Is it legit to have the EAP request initiated from the Initiator?
> Please see the exchange below. Is this against the IKEv2 protocol?
>
> Note: when I said EAP requestor, it means that the node sends the first
> EAP packet.
>
>
>   Initiator                          Responder
>  -----------                        -----------
>   HDR, SAi1, KEi, Ni         -->
>                               <--    HDR, SAr1, KEr, Nr, [CERTREQ]
>
>   HDR, SK {IDi, [CERTREQ,] [IDr,]
>            SAi2, TSi, TSr}   -->
>                               <--    HDR, SK {IDr, [CERT,] AUTH}
>   HDR, SK {EAP, [AUTH]}      -->
>                               <--    HDR, SK {EAP, [AUTH]}
>
>   HDR, SK {EAP, [AUTH] }     -->
>                               <--    HDR, SK {[AUTH], SAr2, TSi, TSr }
>
> Thanks,
>
> Tom Hu
>