[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Question about EAP and CFG



Yoav Nir writes:
> When clients connect to an IRAS using both EAP for authentication and 
> CFG for configuration, section 2.19 says that they CFG_REQUEST is sent 
> in message #3.  The CFG_REPLY is sent in message #4.

No, it says tat the CFG_* payloads are put in the messages containg
the SA payloads, not necessarely message 3 and 4. 

> However, section 2.16 shows that the EAP exchange extends to at least 
> message #6 or more.  Is it acceptable to delay the CFG_REQUEST until 
> the message that contains the SAr payload?  If so, I think it should be 
> explicitly stated.

It is mandatory to delay, as the CFG_REPLY MUST be put in the message
containing the SA payload, which will be the last message from
responder to the initiator. 
-- 
kivinen@safenet-inc.com