>
> See inline please....
>
> > >
> > > Yes. To get the AMSK or derivative keys from
the AAA server.
> > > But not between the AAA server and the
EAP-Authentication Server.
> > >
> > > Note, if I can remember correctly someone
wanted to specify
> > a protocol
> > > to get the AMSK from the EMSK.
> > >
> >
> > How often do we have an EAP server not co-located
with the
> AAA server?
>
> Well in one SDO activitiy that I am working on there is
a
> case where the EAP-Server is not deployed with the
AAA-server
> for some fo the cases.
> It is however co-located with the NAS.
>
Is a AAA-server separately deployed in this case and does
the EAP server
contact the AAA server to authenticate the peer?
I guess we can say that a protocol may be needed when the
NAS is not in
pass through mode?
> > When they are co-located, a protocol isn't really
required.
>
> I agree.
>
> > When they are not, I can see a need - but, from a
practical
> use case
> > perspective, I feel that such a protocol would
find very
> limited use.
>
> I agree with you. But I wouldn't discount it either.
My
> approach is to allow for that -- and certainly it is
allowed
> and then solve the problem when someone can actually
> demonstrate a need. Or let them solve the problem 
>
I like the latter 
____________________________________________________________
_____
To unsubscribe or modify your subscription options, please
visit:
http:/
/lists.frascone.com/mailman/listinfo/eap
Arhives: http://lists.
frascone.com/pipermail/eap
|