On 28/06/2011 15:50, "Alan DeKok" <[log in to unmask]> wrote:
>Josh Howlett wrote:
>> I'm confused at your step (4); how are you framing EAP in the RadSec
>> connection between Client and Server?
>
> Inside of a RADIUS packet. ;)
But RFC3579 says that the "NAS places EAP messages received from the
authenticating peer". I think you're suggesting that the authenticating
peer is placing the EAP messages.
You also can't calculate the Message-Authenticator because the Client and
Server don't share a secret.
That's why I thought it was cleaner to place the EAP in the TLS handshake.
Josh.
JANET(UK) is a trading name of The JNT Association, a company limited
by guarantee which is registered in England under No. 2881024
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Oxford, Didcot, Oxfordshire. OX11 0SG
|