Re: [Int-area] DCHP-based authentication for DSL?

<Bernard_Aboba@hotmail.com> Thu, 25 October 2007 19:41 UTC

Message-ID: <BAY117-DS213B42206C26BC7FD3B7A93950@phx.gbl>
From: Bernard_Aboba@hotmail.com
In-Reply-To: <005501c81555$6f49f360$ba3dfea9@ad.redback.com> <471F0F26.4070006@uninett.no> <471FACDD.3000707@cisco.com> <C087AF58-A3DF-40CC-9AB2-BE30E3657A00@cisco.com><471FB475.3020409@cisco.com> <472046D9.5030903@nitros9.org>
To: Alan DeKok <aland@nitros9.org>, ric@cisco.com
References: <005501c81555$6f49f360$ba3dfea9@ad.redback.com> <471F0F26.4070006@uninett.no> <471FACDD.3000707@cisco.com> <C087AF58-A3DF-40CC-9AB2-BE30E3657A00@cisco.com><471FB475.3020409@cisco.com> <472046D9.5030903@nitros9.org>
Subject: Re: [Int-area] DCHP-based authentication for DSL?
Date: Thu, 25 Oct 2007 12:41:37 -0700
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="iso-8859-1"; reply-type="original"
Content-Transfer-Encoding: 7bit
Importance: Normal
Cc: Internet Area <int-area@lists.ietf.org>
Precedence: list
Errors-To: int-area-bounces@lists.ietf.org

The problem is that some EAP methods (e.g. most non-TLS based methods) don't 
support fragmentation, so in practice I'm not sure that all existing methods 
would work over a 500 octet MTU.

--------------------------------------------------
From: "Alan DeKok" <aland@nitros9.org>
Sent: Thursday, October 25, 2007 12:33 AM
To: <ric@cisco.com>
Cc: "Internet Area" <int-area@lists.ietf.org>
Subject: Re: [Int-area] DCHP-based authentication for DSL?

> Richard Pruss wrote:
>> The fragmentation size problem may be addressed by the relay agent
>> having the role of EAP authenticator, as it splits the EAP traffic into
>> RADIUS out of DHCP, and DHCP messages should be normally sized to the
>> server.
>
>  RADIUS packets are maximum 4k in size, so RADIUS wouldn't be the
> limiting factor.  What is the limiting factor is EAPoL, where packets
> can't be fragmented.  Most RADIUS servers already look for a MTU in the
> Access-Request, and limit the size of EAP responses on their end, so
> that the EAP data will fit into one Ethernet packet.
>
>  My tests on various implementations show that RADIUS servers and
> 802.1x supplicants appear to work with MTUs set very low, such as 100
> octets.  The result is a LOT more RADIUS traffic than normal, but the
> authentication process succeeds.
>
>  So limiting the DHCP packet sizes to 500 octets shouldn't affect the
> operation EAP.  Similar issues apply to PANA, where there is IP and UDP
> overhead on top of what would otherwise be EAPoL.
>
>  Alan DeKok.
>
>
> _______________________________________________
> Int-area mailing list
> Int-area@lists.ietf.org
> https://www1.ietf.org/mailman/listinfo/int-area
> 


_______________________________________________
Int-area mailing list
Int-area@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/int-area

Re: [Int-area] DCHP-based authentication for DSL? Yoshihiro Ohba
Re: [Int-area] DCHP-based authentication for DSL? Richard Pruss
[Int-area] DCHP-based authentication for DSL? Jari Arkko
Re: [Int-area] DCHP-based authentication for DSL? Richard Pruss
Re: [Int-area] DCHP-based authentication for DSL? Alan DeKok
RE: [Int-area] DCHP-based authentication for DSL? Maglione Roberta
Re: [Int-area] DCHP-based authentication for DSL? James Kempf
RE: [Int-area] DCHP-based authentication for DSL? Pekka Savola
RE: [Int-area] DCHP-based authentication for DSL? Alper Yegin
Re: [Int-area] DCHP-based authentication for DSL? Richard Pruss
Re: [Int-area] DCHP-based authentication for DSL? Alan DeKok
Re: [Int-area] DCHP-based authentication for DSL? Jari Arkko
Re: [Int-area] DCHP-based authentication for DSL? Pekka Savola
Re: [Int-area] DCHP-based authentication for DSL? Iljitsch van Beijnum
Re: [Int-area] DCHP-based authentication for DSL? Jari Arkko
RE: [Int-area] DCHP-based authentication for DSL? Alper Yegin
Re: [Int-area] DCHP-based authentication for DSL? Mark Townsley
Re: [Int-area] DCHP-based authentication for DSL? Richard Pruss
Re: [Int-area] DCHP-based authentication for DSL? Bernard Aboba
RE: [Int-area] DCHP-based authentication for DSL? MORAND Lionel RD-CORE-ISS
Re: [Int-area] DCHP-based authentication for DSL? Richard Pruss
RE: [Int-area] DCHP-based authentication for DSL? Alper Yegin
Re: [Int-area] DCHP-based authentication for DSL? Jari Arkko
Re: [Int-area] DCHP-based authentication for DSL? Jari Arkko
Re: [Int-area] DCHP-based authentication for DSL? Iljitsch van Beijnum
Re: [Int-area] DCHP-based authentication for DSL? Jari Arkko
Re: [Int-area] DCHP-based authentication for DSL? Iljitsch van Beijnum
Re: [Int-area] DCHP-based authentication for DSL? Ralph Droms
Re: [Int-area] DCHP-based authentication for DSL? Yoshihiro Ohba
Re: [Int-area] DCHP-based authentication for DSL? Bernard Aboba
Re: [Int-area] DCHP-based authentication for DSL? Yoshihiro Ohba
Re: [Int-area] DCHP-based authentication for DSL? Mark Townsley
Re: [Int-area] DCHP-based authentication for DSL? Ralph Droms
RE: [Int-area] DCHP-based authentication for DSL? Eric Voit (evoit)
Re: [Int-area] DCHP-based authentication for DSL? Stig Venaas
Re: [Int-area] DCHP-based authentication for DSL? Mark Townsley
Re: [Int-area] DCHP-based authentication for DSL? Yoshihiro Ohba
Re: [Int-area] DCHP-based authentication for DSL? Richard Pruss
Re: [Int-area] DCHP-based authentication for DSL? Yoshihiro Ohba
Re: [Int-area] DCHP-based authentication for DSL? Iljitsch van Beijnum
Re: [Int-area] DCHP-based authentication for DSL? Iljitsch van Beijnum
RE: [Int-area] DCHP-based authentication for DSL? Eric Voit (evoit)
Re: [Int-area] DCHP-based authentication for DSL? Mark Townsley
Re: [Int-area] DCHP-based authentication for DSL? Iljitsch van Beijnum
Re: [Int-area] DCHP-based authentication for DSL? Iljitsch van Beijnum
Re: [Int-area] DCHP-based authentication for DSL? Mark Townsley
Re: [Int-area] DCHP-based authentication for DSL? Yoshihiro Ohba
Re: [Int-area] DCHP-based authentication for DSL? Mark Townsley
RE: [Int-area] DCHP-based authentication for DSL? Eric Voit (evoit)
RE: [Int-area] DCHP-based authentication for DSL? Alper Yegin
Re: [Int-area] DCHP-based authentication for DSL? James Kempf
Re: [Int-area] DCHP-based authentication for DSL? Mark Townsley
Business considerations (Was: Re: [Int-area] DCHP… Jari Arkko
Re: [Int-area] DCHP-based authentication for DSL? Jari Arkko
Re: [Int-area] DCHP-based authentication for DSL? Iljitsch van Beijnum
RE: [Int-area] DCHP-based authentication for DSL? Bernard Aboba
Re: Business considerations (Was: Re: [Int-area] … James Kempf
Re: Business considerations (Was: Re: [Int-area] … Jari Arkko
RE: [Int-area] DCHP-based authentication for DSL? Alper Yegin
RE: [Int-area] DCHP-based authentication for DSL? Eric Voit (evoit)
RE: [Int-area] DCHP-based authentication for DSL? Alper Yegin
RE: [Int-area] DCHP-based authentication for DSL? Eric Voit (evoit)
Re: [Int-area] DCHP-based authentication for DSL? Alan DeKok
Re: [Int-area] DCHP-based authentication for DSL? Iljitsch van Beijnum
Re: [Int-area] DCHP-based authentication for DSL? Julien Bournelle
Re: [Int-area] DCHP-based authentication for DSL? Bernard Aboba
Re: [Int-area] DCHP-based authentication for DSL? Alan DeKok
Re: [Int-area] DCHP-based authentication for DSL? David R Oran
RE: [Int-area] DCHP-based authentication for DSL? Alper Yegin
RE: [Int-area] DCHP-based authentication for DSL? Eric Voit (evoit)
Re: [Int-area] DCHP-based authentication for DSL? Richard Pruss
Re: [Int-area] DCHP-based authentication for DSL? Yoshihiro Ohba
RE: [Int-area] DCHP-based authentication for DSL? Eric Voit (evoit)
Re: [Int-area] DCHP-based authentication for DSL? Yoshihiro Ohba
Re: [Int-area] DCHP-based authentication for DSL? Richard Pruss
RE: [Int-area] DCHP-based authentication for DSL? Eric Voit (evoit)
RE: [Int-area] DCHP-based authentication for DSL? Alper Yegin
Re: [Int-area] DCHP-based authentication for DSL? Iljitsch van Beijnum
RE: [Int-area] DCHP-based authentication for DSL? Pekka Savola
Re: [Int-area] DCHP-based authentication for DSL? Hannes Tschofenig
Re: [Int-area] DCHP-based authentication for DSL? Julien Bournelle
Re: [Int-area] DCHP-based authentication for DSL? Yoshihiro Ohba
RE: [Int-area] DCHP-based authentication for DSL? Wojciech Dec (wdec)
Re: [Int-area] DCHP-based authentication for DSL? Ralph Droms
Re: [Int-area] DCHP-based authentication for DSL? Bernard Aboba
RE: [Int-area] DCHP-based authentication for DSL? Eric Voit (evoit)
Re: [Int-area] DCHP-based authentication for DSL? Hannes Tschofenig
RE: [Int-area] DCHP-based authentication for DSL? Alper Yegin
Re: [Int-area] DCHP-based authentication for DSL? Mark Townsley
RE: [Int-area] DCHP-based authentication for DSL? Alper Yegin
Re: [Int-area] DCHP-based authentication for DSL? Ralph Droms
RE: [Int-area] DCHP-based authentication for DSL? Eric Voit (evoit)
RE: [Int-area] DCHP-based authentication for DSL? Alper Yegin
RE: [Int-area] DCHP-based authentication for DSL? Eric Voit (evoit)
Re: [Int-area] DCHP-based authentication for DSL? Mark Townsley
Re: [Int-area] DCHP-based authentication for DSL? Julien Bournelle
Re: [Int-area] DCHP-based authentication for DSL? Iljitsch van Beijnum
RE: [Int-area] DCHP-based authentication for DSL? Wojciech Dec (wdec)
Re: [Int-area] DCHP-based authentication for DSL? Iljitsch van Beijnum
RE: [Int-area] DCHP-based authentication for DSL? Wojciech Dec (wdec)
Re: [Int-area] DCHP-based authentication for DSL? Iljitsch van Beijnum
Re: [Int-area] DCHP-based authentication for DSL? Ralph Droms
Re: [Int-area] DCHP-based authentication for DSL? Ralph Droms
RE: [Int-area] DCHP-based authentication for DSL? Alper Yegin
RE: [Int-area] DCHP-based authentication for DSL? Alper Yegin
RE: [Int-area] DCHP-based authentication for DSL? Peter Arberg
RE: [Int-area] DCHP-based authentication for DSL? Peter Arberg
Re: [Int-area] DCHP-based authentication for DSL? Iljitsch van Beijnum
RE: [Int-area] DCHP-based authentication for DSL? Bill Welch
RE: [Int-area] DCHP-based authentication for DSL? Alper Yegin
Re: [Int-area] DCHP-based authentication for DSL? Stig Venaas
RE: [Int-area] DCHP-based authentication for DSL? Bill Welch
Re: [Int-area] DCHP-based authentication for DSL? Richard Pruss
Re: [Int-area] DCHP-based authentication for DSL? Ralph Droms
Re: [Int-area] DCHP-based authentication for DSL? Ralph Droms
Re: [Int-area] DCHP-based authentication for DSL? Richard Pruss
Re: [Int-area] DCHP-based authentication for DSL? Hannes Tschofenig
Re: [Int-area] DCHP-based authentication for DSL? Ralph Droms
Re: [Int-area] DCHP-based authentication for DSL? Stig Venaas
Re: [Int-area] DCHP-based authentication for DSL? Ralph Droms
Re: [Int-area] DCHP-based authentication for DSL? Ralph Droms
Re: [Int-area] DCHP-based authentication for DSL? Yoshihiro Ohba
Re: [Int-area] DCHP-based authentication for DSL? Richard Pruss
Re: [Int-area] DCHP-based authentication for DSL? Richard Pruss
RE: [Int-area] DCHP-based authentication for DSL? Bill Welch
Re: [Int-area] DCHP-based authentication for DSL? Hannes Tschofenig
Re: [Int-area] DCHP-based authentication for DSL? Richard Pruss
Re: [Int-area] DCHP-based authentication for DSL? Hannes Tschofenig
Re: [Int-area] DCHP-based authentication for DSL? Yoshihiro Ohba
Re: [Int-area] DCHP-based authentication for DSL? Alan DeKok
RE: [Int-area] DCHP-based authentication for DSL? Alper Yegin
Re: [Int-area] DCHP-based authentication for DSL? Iljitsch van Beijnum
Re: [Int-area] DCHP-based authentication for DSL? Yoshihiro Ohba
Re: [Int-area] DCHP-based authentication for DSL? Alan DeKok
Re: [Int-area] DCHP-based authentication for DSL? Bernard_Aboba
Re: [Int-area] DCHP-based authentication for DSL? Yoshihiro Ohba
RE: [Int-area] DCHP-based authentication for DSL? Alper Yegin
Re: [Int-area] DCHP-based authentication for DSL? Ralph Droms
RE: [Int-area] DCHP-based authentication for DSL? Alper Yegin
Re: [Int-area] DCHP-based authentication for DSL? Stig Venaas
RE: [Int-area] DCHP-based authentication for DSL? Wojciech Dec (wdec)
Re: [Int-area] DCHP-based authentication for DSL? Yoshihiro Ohba
RE: [Int-area] DCHP-based authentication for DSL? Bill Welch
RE: [Int-area] DCHP-based authentication for DSL? Alper Yegin
RE: [Int-area] DCHP-based authentication for DSL? Templin, Fred L
Re: [Int-area] DCHP-based authentication for DSL? Yoshihiro Ohba
Re: [Int-area] DCHP-based authentication for DSL? Iljitsch van Beijnum
RE: [Int-area] DCHP-based authentication for DSL? Templin, Fred L
RE: [Int-area] DCHP-based authentication for DSL? Templin, Fred L
Re: [Int-area] DCHP-based authentication for DSL? Yoshihiro Ohba
RE: [Int-area] DCHP-based authentication for DSL? Templin, Fred L
RE: [Int-area] DCHP-based authentication for DSL? Wojciech Dec (wdec)
Re: [Int-area] DCHP-based authentication for DSL? Yoshihiro Ohba
RE: [Int-area] DCHP-based authentication for DSL? Templin, Fred L
RE: [Int-area] DCHP-based authentication for DSL? Bernard Aboba
Re: [Int-area] DCHP-based authentication for DSL? Yoshihiro Ohba
RE: [Int-area] DCHP-based authentication for DSL? Templin, Fred L
RE: [Int-area] DCHP-based authentication for DSL? Templin, Fred L
Re: [Int-area] DCHP-based authentication for DSL? Yoshihiro Ohba
RE: [Int-area] DCHP-based authentication for DSL? Templin, Fred L
Re: [Int-area] DCHP-based authentication for DSL? Yoshihiro Ohba
RE: [Int-area] DCHP-based authentication for DSL? Templin, Fred L
Re: [Int-area] DCHP-based authentication for DSL? Yoshihiro Ohba
Re: [dhcwg] Re: [Int-area] DCHP-based authenticat… Richard Pruss
Re: [dhcwg] Re: [Int-area] DCHP-based authenticat… Ted Lemon
RE: [dhcwg] Re: [Int-area] DCHP-based authenticat… Eric Voit (evoit)
Re: [Int-area] DCHP-based authentication for DSL? Ralph Droms
Re: [dhcwg] Re: [Int-area] DCHP-based authenticat… Ted Lemon
RE: [Int-area] DCHP-based authentication for DSL? Alper Yegin
Re: [Int-area] DCHP-based authentication for DSL? Richard Pruss
Re: [dhcwg] Re: [Int-area] DCHP-based authenticat… Richard Pruss
RE: [Int-area] DCHP-based authentication for DSL? Wojciech Dec (wdec)
RE: [Int-area] DCHP-based authentication for DSL? Alper Yegin
Re: [dhcwg] Re: [Int-area] DCHP-based authenticat… Ted Lemon
Re: [Int-area] DCHP-based authentication for DSL? Ted Lemon
Re: [Int-area] DCHP-based authentication for DSL? Alan DeKok
Re: [Int-area] DCHP-based authentication for DSL? Bernard Aboba
Re: [Int-area] DCHP-based authentication for DSL? Richard Pruss
Re: [Int-area] DCHP-based authentication for DSL? Ralph Droms
Re: [Int-area] DCHP-based authentication for DSL? Ted Lemon
Re: [Int-area] DCHP-based authentication for DSL? Alan DeKok
Re: [Int-area] DCHP-based authentication for DSL? Damic, Damjan
Re: [Int-area] DCHP-based authentication for DSL? Richard Pruss
RE: [Int-area] DCHP-based authentication for DSL? Eric Voit (evoit)
Re: [Int-area] DCHP-based authentication for DSL? Yoshihiro Ohba
RE: [Int-area] DCHP-based authentication for DSL? Templin, Fred L
Re: [Int-area] DCHP-based authentication for DSL? Alan DeKok
Re: [Int-area] DCHP-based authentication for DSL? Iljitsch van Beijnum
Re: [Int-area] DCHP-based authentication for DSL? Richard Pruss
Re: [Int-area] DCHP-based authentication for DSL? Iljitsch van Beijnum
Re: [Int-area] DCHP-based authentication for DSL? Richard Pruss
RE: [Int-area] DCHP-based authentication for DSL? Alper Yegin
RE: [Int-area] DCHP-based authentication for DSL? Alper Yegin
Re: [Int-area] DCHP-based authentication for DSL? Iljitsch van Beijnum
Re: [Int-area] DCHP-based authentication for DSL? Mark Townsley
Re: [Int-area] DCHP-based authentication for DSL? Iljitsch van Beijnum
Re: [Int-area] DCHP-based authentication for DSL? Yoshihiro Ohba
Re: [Int-area] DCHP-based authentication for DSL? Mark Townsley
Re: [Int-area] DCHP-based authentication for DSL? Yoshihiro Ohba
Re: [Int-area] DCHP-based authentication for DSL? Jari Arkko
RE: [Int-area] DCHP-based authentication for DSL? Avi Lior