[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Question about EAP and CFG
Yoav Nir writes:
> When clients connect to an IRAS using both EAP for authentication and
> CFG for configuration, section 2.19 says that they CFG_REQUEST is sent
> in message #3. The CFG_REPLY is sent in message #4.
No, it says tat the CFG_* payloads are put in the messages containg
the SA payloads, not necessarely message 3 and 4.
> However, section 2.16 shows that the EAP exchange extends to at least
> message #6 or more. Is it acceptable to delay the CFG_REQUEST until
> the message that contains the SAr payload? If so, I think it should be
> explicitly stated.
It is mandatory to delay, as the CFG_REPLY MUST be put in the message
containing the SA payload, which will be the last message from
responder to the initiator.
--
kivinen@safenet-inc.com