EAP WG IETF 55 Atlanta, GA. EAP WG Meeting Monday, Salon II 1530-1730 Preliminaries (10 minutes)...
-
Upload
marcia-joseph -
Category
Documents
-
view
219 -
download
2
description
Transcript of EAP WG IETF 55 Atlanta, GA. EAP WG Meeting Monday, Salon II 1530-1730 Preliminaries (10 minutes)...
![Page 1: EAP WG IETF 55 Atlanta, GA. EAP WG Meeting Monday, Salon II 1530-1730 Preliminaries (10 minutes) –Bluesheets, minutes –Document Status RFC 2284 Bis EAP.](https://reader036.fdocuments.us/reader036/viewer/2022070605/5a4d1ae67f8b9ab059979252/html5/thumbnails/1.jpg)
EAP WG
IETF 55Atlanta, GA
![Page 2: EAP WG IETF 55 Atlanta, GA. EAP WG Meeting Monday, Salon II 1530-1730 Preliminaries (10 minutes) –Bluesheets, minutes –Document Status RFC 2284 Bis EAP.](https://reader036.fdocuments.us/reader036/viewer/2022070605/5a4d1ae67f8b9ab059979252/html5/thumbnails/2.jpg)
EAP WG Meeting Monday, Salon II 1530-1730Preliminaries (10 minutes)
– Bluesheets, minutes– Document Status
RFC 2284 Bis
• EAP Design Team Report, Jari Arkko (5 minutes)http://www.ietf.org/internet-drafts/draft-ietf-eap-esteem-00.txt
• IEEE 802.1aa D4 reconciliation, Paul Congdon (5 minutes)http://www.ieee802.org/1/mirror/8021/aa-drafts/d4/802-1aa-d4.pdfusername: p8021, password: go_wildcats
• RFC 2284bis Open issues, Bernard Aboba (15 minutes)http://www.ietf.org/internet-drafts/draft-ietf-pppext-rfc2284bis-07.txt
• EAP state machine, Bryan Payne & Nick Petroni (10 minutes)http://www.ietf.org/internet-drafts/draft-payne-eap-sm-01.{ps,txt}
• EAP state machine, John Vollbrecht (10 minutes)http://www.ietf.org/internet-drafts/draft-ietf-eap-esteem-00.txt
![Page 3: EAP WG IETF 55 Atlanta, GA. EAP WG Meeting Monday, Salon II 1530-1730 Preliminaries (10 minutes) –Bluesheets, minutes –Document Status RFC 2284 Bis EAP.](https://reader036.fdocuments.us/reader036/viewer/2022070605/5a4d1ae67f8b9ab059979252/html5/thumbnails/3.jpg)
Monday agenda, continued• EAP TLV method, Glen Zorn (5 minutes)
http://www.ietf.org/internet-drafts/draft-hiller-eap-tlv-00.txt
• EAP IANA considerations, Bernard Aboba (10 minutes)http://www.ietf.org/internet-drafts/draft-aboba-pppext-eap-iana-02.txt
EAP Security
• EAP Binding Problem, V. Lortz (10 minutes)http://www.ietf.org/internet-drafts/draft-puthenkulam-eap-binding-00.txt
• EAP Binding Problem, H. Haverinen (10 minutes)http://www.saunalahti.fi/~asokan/research/mitm.html
• EAP Binding Problem, H. Krawczyk (10 minutes)
![Page 4: EAP WG IETF 55 Atlanta, GA. EAP WG Meeting Monday, Salon II 1530-1730 Preliminaries (10 minutes) –Bluesheets, minutes –Document Status RFC 2284 Bis EAP.](https://reader036.fdocuments.us/reader036/viewer/2022070605/5a4d1ae67f8b9ab059979252/html5/thumbnails/4.jpg)
EAP WG Meeting Tuesday, Salon B 1700-1800• EAP keying problem, Bernard Aboba (10 minutes)
http://www.ietf.org/internet-drafts/draft-aboba-pppext-key-problem-03.txt
EAP Methods
• EAP security claims, Glen Zorn (10 minutes)http://www.ietf.org/internet-drafts/draft-zorn-eap-eval-00.txt
• Smart card support, Pascal Urien (5 minutes)http://www.ietf.org/internet-drafts/draft-urien-eap-smartcard-00.txt
• EAP SIM, Henry Haverinen (5 minutes)http://www.ietf.org/internet-drafts/draft-haverinen-pppext-eap-sim-07.txt
• EAP AKA, Henry Haverinen (5 minutes)http://www.ietf.org/internet-drafts/draft-haverinen-pppext-eap-aka-06.txt
• EAP GSS, Bernard Aboba (5 minutes)http://www.ietf.org/internet-drafts/draft-aboba-pppext-eapgss-12.txt
EAP Roadmap
• EAP Roadmap Discussion (10 minutes)
![Page 5: EAP WG IETF 55 Atlanta, GA. EAP WG Meeting Monday, Salon II 1530-1730 Preliminaries (10 minutes) –Bluesheets, minutes –Document Status RFC 2284 Bis EAP.](https://reader036.fdocuments.us/reader036/viewer/2022070605/5a4d1ae67f8b9ab059979252/html5/thumbnails/5.jpg)
Document Status• WG work items
– RFC 2284bis• draft-ietf-pppext-rfc2284bis-07.txt• draft-ietf-eap-otp-00.txt
– Eap StatE machinE dEsign teaM (ESTEEM)• Draft-ietf-eap-esteem-00.txt
• Individual submissions– EAP Keying Problem
• draft-aboba-pppext-key-problem-03.txt
![Page 6: EAP WG IETF 55 Atlanta, GA. EAP WG Meeting Monday, Salon II 1530-1730 Preliminaries (10 minutes) –Bluesheets, minutes –Document Status RFC 2284 Bis EAP.](https://reader036.fdocuments.us/reader036/viewer/2022070605/5a4d1ae67f8b9ab059979252/html5/thumbnails/6.jpg)
Goals and Milestones• Dec 02 RFC 2284bis submitted for publication as
Proposed Standard RFC– IANA considerations– State machine– Security considerations– Type space expansion– OTP, GTC
• Jun 03 EAP Keying problem doc submitted for publication as Informational RFC.
![Page 7: EAP WG IETF 55 Atlanta, GA. EAP WG Meeting Monday, Salon II 1530-1730 Preliminaries (10 minutes) –Bluesheets, minutes –Document Status RFC 2284 Bis EAP.](https://reader036.fdocuments.us/reader036/viewer/2022070605/5a4d1ae67f8b9ab059979252/html5/thumbnails/7.jpg)
RFC 2284bis
![Page 8: EAP WG IETF 55 Atlanta, GA. EAP WG Meeting Monday, Salon II 1530-1730 Preliminaries (10 minutes) –Bluesheets, minutes –Document Status RFC 2284 Bis EAP.](https://reader036.fdocuments.us/reader036/viewer/2022070605/5a4d1ae67f8b9ab059979252/html5/thumbnails/8.jpg)
Goals for RFC 2284bis• Understanding behavior of current implementations
– EAP Implementation Survey• Documenting features of EAP implementations
– Interoperability testing• Documenting interoperation of each feature by at least 2 independent
implementations
• Recycling RFC 2284 at Proposed Standard– Clarifying interoperability issues within the specification– Recognizing support for multiple media
• PPP, IEEE 802, PIC (EAP over UDP)– Describing the EAP operational model– Security considerations– IANA considerations
![Page 9: EAP WG IETF 55 Atlanta, GA. EAP WG Meeting Monday, Salon II 1530-1730 Preliminaries (10 minutes) –Bluesheets, minutes –Document Status RFC 2284 Bis EAP.](https://reader036.fdocuments.us/reader036/viewer/2022070605/5a4d1ae67f8b9ab059979252/html5/thumbnails/9.jpg)
Non-Goals• Re-writing EAP from scratch
– This is not EAPng!• Making non-backward compatible changes to EAP• Revising RADIUS
– RFC2869bis is needed, but not part of this effort• Revising IEEE 802.1X
– IEEE 802.1X revision PAR (aa) in progress
![Page 10: EAP WG IETF 55 Atlanta, GA. EAP WG Meeting Monday, Salon II 1530-1730 Preliminaries (10 minutes) –Bluesheets, minutes –Document Status RFC 2284 Bis EAP.](https://reader036.fdocuments.us/reader036/viewer/2022070605/5a4d1ae67f8b9ab059979252/html5/thumbnails/10.jpg)
Interoperability Testing Opportunities
• CIUG– Results of past EAP interoperability tests?– Plans for additional tests?
• Interop– Testing of IEEE 802.1X on the “Interop net”
![Page 11: EAP WG IETF 55 Atlanta, GA. EAP WG Meeting Monday, Salon II 1530-1730 Preliminaries (10 minutes) –Bluesheets, minutes –Document Status RFC 2284 Bis EAP.](https://reader036.fdocuments.us/reader036/viewer/2022070605/5a4d1ae67f8b9ab059979252/html5/thumbnails/11.jpg)
EAP Survey Results• Survey requests sent out to PPPEXT, IEEE 802.1X mailing lists in early June
2001• Implementations covered in responses:
– 2 PPP– 2 IEEE 802.3– 1 IEEE 802.11
• Many “implementations in progress” not ready to fill out survey yet– IEEE 802: 802.3, 802.11 implementations– Other: PIC– Other potential uses of EAP: Hiperlan2, Bluetooth
• Features not implemented:– EAP OTP, Generic Token card– Default retransmission timer of 6 seconds– Allowing for loss of EAP Success and Failure packets via alternative indications– Display of Notification to user and use to indicate invalid authentication attempt
![Page 12: EAP WG IETF 55 Atlanta, GA. EAP WG Meeting Monday, Salon II 1530-1730 Preliminaries (10 minutes) –Bluesheets, minutes –Document Status RFC 2284 Bis EAP.](https://reader036.fdocuments.us/reader036/viewer/2022070605/5a4d1ae67f8b9ab059979252/html5/thumbnails/12.jpg)
Implications for RFC 2284bis• Generic token card, OTP EAP methods now
documented in separate draft– Draft-ietf-eap-otp-00.txt– Given no implementations, OTP & GTC will remain at
proposed standard• RFC 2284bis may need to cut additional features
– We’ll cross that bridge once we come to it
![Page 13: EAP WG IETF 55 Atlanta, GA. EAP WG Meeting Monday, Salon II 1530-1730 Preliminaries (10 minutes) –Bluesheets, minutes –Document Status RFC 2284 Bis EAP.](https://reader036.fdocuments.us/reader036/viewer/2022070605/5a4d1ae67f8b9ab059979252/html5/thumbnails/13.jpg)
RFC 2284bis Issues
![Page 14: EAP WG IETF 55 Atlanta, GA. EAP WG Meeting Monday, Salon II 1530-1730 Preliminaries (10 minutes) –Bluesheets, minutes –Document Status RFC 2284 Bis EAP.](https://reader036.fdocuments.us/reader036/viewer/2022070605/5a4d1ae67f8b9ab059979252/html5/thumbnails/14.jpg)
RFC 2284bis Issues Process• Issues represent a request for a specific change to the RFC
2284bis document.– Not just a “question” – Not just a description of the problem – but text for a solution!
• Issues sent to [email protected] in the following format:– Description of issue
Submitter name: Your_Name_Here Submitter email address: Your_Email_Address_Here Date first submitted: Insert_Date_Here Reference: URL to e-mail describing problem, if available Document: Document Requiring change [RFC2284bis, RFC 2869bis, Keying Framework]Comment type: ['T'echnical | 'E'ditorial] Priority: ['S' Must fix | '1' Should fix | '2' May fix ] Section: Insert_Section_Number_Here Rationale/Explanation of issue: Length description of problem
Requested change: Proposal
• Issues list kept at:– http://www.drizzle.com/~aboba/EAP/eapissues.html
![Page 15: EAP WG IETF 55 Atlanta, GA. EAP WG Meeting Monday, Salon II 1530-1730 Preliminaries (10 minutes) –Bluesheets, minutes –Document Status RFC 2284 Bis EAP.](https://reader036.fdocuments.us/reader036/viewer/2022070605/5a4d1ae67f8b9ab059979252/html5/thumbnails/15.jpg)
Issues Report• 42 Issues raised so far• RFC 2284bis (37)
– 20 resolved– 3 rejected– 14 still open
• RFC 2869bis (2)– 2 resolved
• EAP keying framework (2)– 2 still open
• EAP state machine (1)– 1 still open
![Page 16: EAP WG IETF 55 Atlanta, GA. EAP WG Meeting Monday, Salon II 1530-1730 Preliminaries (10 minutes) –Bluesheets, minutes –Document Status RFC 2284 Bis EAP.](https://reader036.fdocuments.us/reader036/viewer/2022070605/5a4d1ae67f8b9ab059979252/html5/thumbnails/16.jpg)
Observations• Closed/still open ratio is not very good• Open 6 months or more: Issues
2,7,10,14,23,25,26,32• Relatively little discussion on posted RFC 2284bis
issues• If this continues, EAP WG will miss milestones
by a considerable margin• Have to pick up the pace!
![Page 17: EAP WG IETF 55 Atlanta, GA. EAP WG Meeting Monday, Salon II 1530-1730 Preliminaries (10 minutes) –Bluesheets, minutes –Document Status RFC 2284 Bis EAP.](https://reader036.fdocuments.us/reader036/viewer/2022070605/5a4d1ae67f8b9ab059979252/html5/thumbnails/17.jpg)
RFC 2284bis Open Issues• Alternative indications (#2)• Authentication sequences (#7)• Acknowledged Success/Failure (#10)• Identifier usage (#13)• EAP Transport behavior (#14)• Identifier behavior (#18)• Identity Request Payload (#23)• Spoofing and duplicate detection (#25)• Unprotected success and failure (#26)• Keying confirmation (#32)• Language negotiation (#38)• Man-in-the-middle attacks (#40)• NAK of Vendor-specific (#41)• EAP enhancements (#42)
![Page 18: EAP WG IETF 55 Atlanta, GA. EAP WG Meeting Monday, Salon II 1530-1730 Preliminaries (10 minutes) –Bluesheets, minutes –Document Status RFC 2284 Bis EAP.](https://reader036.fdocuments.us/reader036/viewer/2022070605/5a4d1ae67f8b9ab059979252/html5/thumbnails/18.jpg)
Alternate Indications (#2)• Success and Failure messages are not ACK’d:
“Implementation Note: Because the Success and Failure packets are not acknowledged, they may be potentially lost. A peer MUST allow for this circumstance. The peer can use a Network Protocol packet as an alternative indication of Success. Likewise, the receipt of a LCP Terminate-Request can be taken as a Failure.”
– Result: If Success or Failure are lost: Timeout or worse!• Lower layers have different “alternate indications”
– PPP• LCP-Terminate, carrier loss an alternate indication of Failure• NCP an alternate indication of success
– IEEE 802• Carrier sense an alternate indication of Failure• No alternate indication of Success
– IEEE 802.11• Disassociate, Deauthenticate, EAPOL-Logoff an alternate indication of
Failure• Association/Reassociation response an alternate indication of success
![Page 19: EAP WG IETF 55 Atlanta, GA. EAP WG Meeting Monday, Salon II 1530-1730 Preliminaries (10 minutes) –Bluesheets, minutes –Document Status RFC 2284 Bis EAP.](https://reader036.fdocuments.us/reader036/viewer/2022070605/5a4d1ae67f8b9ab059979252/html5/thumbnails/19.jpg)
EAP Transport Behavior (#14)• EAP is an ACK/NAK protocol
– Only one packet in flight at a time– But some methods assume that additional Requests can be sent without a
Response• EAP is driven by the authenticator
– Responses cannot be retransmitted, only Requests– Success/Failure not ACK’d nor retransmitted– RADIUS server does not retransmit (NAS responsibility)– But some methods assume RADIUS server retransmission, ACK’ing of
Success/Failure• EAP transport characteristics not defined in RFC 2284
– RTO default = 6 seconds (for human interaction)– No exponential backoff– No defined retransmission strategy– When running over IP, EAP retransmission can conflict with transport
retransmissions
![Page 20: EAP WG IETF 55 Atlanta, GA. EAP WG Meeting Monday, Salon II 1530-1730 Preliminaries (10 minutes) –Bluesheets, minutes –Document Status RFC 2284 Bis EAP.](https://reader036.fdocuments.us/reader036/viewer/2022070605/5a4d1ae67f8b9ab059979252/html5/thumbnails/20.jpg)
Identifier Behavior (#18)• Identifier is unique per port, not per NAS
– Ongoing authentications per NAS not limited to 256• Guidelines for Identifier selection
– Start from 1 or random selection?– Can identifier wrap within a session?– Is Identifier monotonically increasing or just unique within
the conversation?• Example issue
– AAA server sends Accept with Reply-Message and EAP-Message attributes
– If Reply-Message translated to EAP-Notification, EAP authenticator needs to “create” an Identifier for it
• Assumption is that EAP-Request/EAP-Notification is sent, followed by receipt of EAP-Response/EAP-Notification, then EAP-Message attribute is decapsulated and sent
– But EAP-Message attribute already contains an Identifier!
![Page 21: EAP WG IETF 55 Atlanta, GA. EAP WG Meeting Monday, Salon II 1530-1730 Preliminaries (10 minutes) –Bluesheets, minutes –Document Status RFC 2284 Bis EAP.](https://reader036.fdocuments.us/reader036/viewer/2022070605/5a4d1ae67f8b9ab059979252/html5/thumbnails/21.jpg)
Identity Request Payload (#23)• RFC 2284 does not define what is included in the
Identity Request payload• EAP peer typically obtains information about the
available networks out of band– PPP: via dialup client– 802.11: via Beacon, Probe Responses– PANA: via CAR?
• Does the peer need additional hints in the Identity Request?– If so, what?– Can the information be provided in other ways?
• Example: SSID OID proposed in EAP TLS cert profile
![Page 22: EAP WG IETF 55 Atlanta, GA. EAP WG Meeting Monday, Salon II 1530-1730 Preliminaries (10 minutes) –Bluesheets, minutes –Document Status RFC 2284 Bis EAP.](https://reader036.fdocuments.us/reader036/viewer/2022070605/5a4d1ae67f8b9ab059979252/html5/thumbnails/22.jpg)
Duplicate Detection (#25)• EAP retransmission behavior
– NAS retransmits EAP-Requests– Client never re-transmits EAP-Responses on its own– NAS retransmission doesn’t take RTT into account– Result
• NAS can retransmit before it is assured that EAP-Request has been lost• Client can send duplicate EAP-Responses
• Interactions with AAA– In RADIUS, NAS is responsible for retransmissions
• No AAA server-initiated messages• AAA server does not retransmit
– If NAS doesn’t detect and discard duplicates, can send duplicate Access-Requests to AAA server
– If done in the middle of EAP conversation, can cause problems on AAA server
![Page 23: EAP WG IETF 55 Atlanta, GA. EAP WG Meeting Monday, Salon II 1530-1730 Preliminaries (10 minutes) –Bluesheets, minutes –Document Status RFC 2284 Bis EAP.](https://reader036.fdocuments.us/reader036/viewer/2022070605/5a4d1ae67f8b9ab059979252/html5/thumbnails/23.jpg)
EAP Type Multiplexing• Proposed EAP methods use NAK and Notification in “novel” ways
– NAK used for version negotiation within the EAP method– Notification used for Nonce exchange
• Some proposed methods have placed data in EAP Success/Failure– Success/Failure are not ACK’d, so data may never arrive– 802.1X “manufactures success/failure, so data, if present will be thrown away
• Not explicitly prohibited by RFC 2284, but unlikely to interoperate either– Might work in a monolithic EAP implementation, but not in a layered one
• No description of EAP type multiplexing in RFC 2284
![Page 24: EAP WG IETF 55 Atlanta, GA. EAP WG Meeting Monday, Salon II 1530-1730 Preliminaries (10 minutes) –Bluesheets, minutes –Document Status RFC 2284 Bis EAP.](https://reader036.fdocuments.us/reader036/viewer/2022070605/5a4d1ae67f8b9ab059979252/html5/thumbnails/24.jpg)
EAP Type Multiplexing
EAPEAPLayerLayer
MethodMethodLayerLayer
MediaMediaLayerLayer
MethodMethod
PrimitivesPrimitives
PPPPPP 802.3802.3 802.5802.5 802.11802.11
Type= Identity, Notification Type= Identity, Notification Code =Success, FailureCode =Success, Failure Type=Type=
FooFoo
FooFoo
Type=Type=BarBarType=Type=
NAKNAK
![Page 25: EAP WG IETF 55 Atlanta, GA. EAP WG Meeting Monday, Salon II 1530-1730 Preliminaries (10 minutes) –Bluesheets, minutes –Document Status RFC 2284 Bis EAP.](https://reader036.fdocuments.us/reader036/viewer/2022070605/5a4d1ae67f8b9ab059979252/html5/thumbnails/25.jpg)
IANA Considerations
![Page 26: EAP WG IETF 55 Atlanta, GA. EAP WG Meeting Monday, Salon II 1530-1730 Preliminaries (10 minutes) –Bluesheets, minutes –Document Status RFC 2284 Bis EAP.](https://reader036.fdocuments.us/reader036/viewer/2022070605/5a4d1ae67f8b9ab059979252/html5/thumbnails/26.jpg)
Allocated EAP Type#’sType Description Reference Implemented? Spec Available?---- ----------- --------- ------------ ---------------1 Identity [RFC2284] Yes RFC 22842 Notification [RFC2284] Yes RFC 22843 NAK (Response only) [RFC2284] Yes RFC 22844 MD5-Challenge [RFC2284] Yes RFC 22845 One Time Password (OTP) [RFC2284] No RFC 22846 Generic Token Card [RFC2284] No RFC 22847 No No8 No No9 RSA Public Key Authentication [Whelan] No Expired10 DSS Unilateral [Nace] Yes I-D?11 KEA [Nace] Yes I-D?12 KEA-Validate [Nace] Yes I-D?13 EAP-TLS [Aboba] Yes RFC 271614 Defender Token (AXENT) [Roselli] Yes No15 Windows 2000 EAP [Asnes] ? No16 Arcot Systems EAP [Jerdonek] ? No17 EAP-Cisco Wireless [Norman] Yes No18 Nokia IP smart card auth [Haverinen] ? No19 SRP-SHA1 Part 1 [Carlson] Yes I-D 20 SRP-SHA1 Part 2 [Carlson] No I-D21 EAP-TTLS [Funk] Yes I-D22 Remote Access Service [Fields] ? No23 UMTS Auth and Key agreement [Haverinen] ? ?24 EAP-3Com Wireless [Young] Yes No25 PEAP [Palekar] Yes I-D26 MS-EAP-Authentication [Palekar] Yes No27 Mutual auth w/key exchange (MAKE) [Berrendonner] ? No28 CRYPTOCard [Webb] Yes No29 EAP-MSCHAP-V2 [Potter] ? I-D30 DynamID [Merlin] ? No31 Rob EAP [Ullah] ? No32 SecurID EAP [Josefsson] Yes I-D33 EAP TLV [Palekar] Yes I-D34 SentriNet [Kelleher] Yes No35 Actiontec Wireless [Chang] ? No36 Congent Systems Biometric [Xiong] ? No
![Page 27: EAP WG IETF 55 Atlanta, GA. EAP WG Meeting Monday, Salon II 1530-1730 Preliminaries (10 minutes) –Bluesheets, minutes –Document Status RFC 2284 Bis EAP.](https://reader036.fdocuments.us/reader036/viewer/2022070605/5a4d1ae67f8b9ab059979252/html5/thumbnails/27.jpg)
Some Observations• Rate of Method Type allocation is increasing
– 36 Type values allocated since March 1998– 4 Type values allocated in the last 3 months
• Two Method Type values allocated to the same Method– EAP SRP-SHA1 Parts 1 and 2
• Most allocations are for vendor-specific use with no specification• Not all allocated Method Types are used
– At least 5 of the allocated types have not been implemented (~15 percent!)
• Conclusion– At present rate of allocation, EAP Type space could be exhausted within
a few years– EAP Method Type space is a finite resource (255) - could probably be
managed more effectively– IANA considerations needed!
![Page 28: EAP WG IETF 55 Atlanta, GA. EAP WG Meeting Monday, Salon II 1530-1730 Preliminaries (10 minutes) –Bluesheets, minutes –Document Status RFC 2284 Bis EAP.](https://reader036.fdocuments.us/reader036/viewer/2022070605/5a4d1ae67f8b9ab059979252/html5/thumbnails/28.jpg)
Proposed IANA Considerations• Included in RFC 2284bis
– Separated out in draft-aboba-pppext-eap-iana-02.txt
• Packet Codes– Codes 1-4 described in RFC 2284– Codes 5-255 allocated by Standards Action
• Method Types– Method Types 1-36 already allocated by IANA– Method Types 37-191 allocated via Designated Expert w/specification required– Method Types 192-254 reserved; allocation requires Standards Action– Method 255 for Vendor-Specific extensions when no interoperability is deemed
useful– More than one type code at a time requires IETF Consensus
![Page 29: EAP WG IETF 55 Atlanta, GA. EAP WG Meeting Monday, Salon II 1530-1730 Preliminaries (10 minutes) –Bluesheets, minutes –Document Status RFC 2284 Bis EAP.](https://reader036.fdocuments.us/reader036/viewer/2022070605/5a4d1ae67f8b9ab059979252/html5/thumbnails/29.jpg)
Vendor-Specific Support• Method Type 255 reserved for (optional) Vendor-
Specific use and Type expansion• Goal is to push exhaustion of EAP Type space out
several years• Expanded Type space (256+) allocated after Types
32-191 are exhausted
![Page 30: EAP WG IETF 55 Atlanta, GA. EAP WG Meeting Monday, Salon II 1530-1730 Preliminaries (10 minutes) –Bluesheets, minutes –Document Status RFC 2284 Bis EAP.](https://reader036.fdocuments.us/reader036/viewer/2022070605/5a4d1ae67f8b9ab059979252/html5/thumbnails/30.jpg)
Questions• Should IANA considerations be kept within RFC
2284bis or progressed separately?– Separation might enable more rapid implementation of
IANA considerations• What should method allocation be?