Issue 348: Definition of Lower Layer

So, by this definition, RADIUS or IKEv2, for e.g., would not
be
classified as a lower layer? I see that the pass through
mode figure in
RFC3748 alludes to this, but I thought for having the
"lower layer" vs.
the "AAA" text in the stack was because AAA is
more or less standard on
that link, while the "lower layer" between the
peer and authenticator
could differ. 

Section 3.1 of RFC3748 applies to all layers that carry EAP,
not just
between the peer and authenticator - isn't that right? 

Vidya

> -----Original Message-----
> From: Bernard Aboba [mailto:bernard_abobahotmail.com] 
> Sent: Thursday, April 06, 2006 10:18 PM
> To: eapfrascone.com
> Subject: [eap] Re: Issue 348: Definition of Lower Layer
> 
> RFC 3748 Section 2.2 says:
> 
> "Lower layer.  The lower layer is responsible for

> transmitting and receiving EAP frames between the peer
and 
> authenticator."
> 
> How would this do as a definition of Lower Layer?
> 
> 
>
------------------------------------------------------------
--
> ---------------------
> Issue 348: Definition of Lower Layer
> Submitter name: Vidya Narayanan
> Submitter email address: vidyanqualcomm.com Date
Submitted: 
> April 6, 2006
> Reference: http://lists.frascone.com/pipermail/eap/msg04184.html
> Document: Keying-11
> Comment type: E
> Priority: S
> Section: 1.2
> Rationale/Explanation of issue:
> 
> I just looked up RFC3748 and the EAP Keying Framework
and 
> realized that there isn't a definition for the term
"lower 
> layer". I would recommend adding a definition to
the 
> terminology section of the keying framework draft.
Lower 
> layer, to me means the layer over which EAP runs.
Between the 
> peer and the authenticator, this would be the layer
that runs 
> the secure association protocol to derive TSKs, while
between 
> the authenticator and the AS, this would be the AAA
protocol 
> carrying EAP, for instance.
> 
> 
>
____________________________________________________________
_____
> To unsubscribe or modify your subscription options,
please visit:
> http:/
/lists.frascone.com/mailman/listinfo/eap
> 
> Arhives: http://lists.
frascone.com/pipermail/eap
> 
____________________________________________________________
_____
To unsubscribe or modify your subscription options, please
visit:
http:/
/lists.frascone.com/mailman/listinfo/eap

Arhives: http://lists.
frascone.com/pipermail/eap

I think IKEv2 would qualify, because it carries EAP between
the peer and 
authenticator.  RADIUS (or Diameter) would not, because it
carries EAP 
between the authenticator and backend server.

Based on the definition of lower layer in RFC 3748, it would
seem that 
Section 3.1 applies only between the peer and authenticator,
although some 
of the same requirements (no re-ordering) would also be
relevant between the 
authenticator and backend server.

>So, by this definition, RADIUS or IKEv2, for e.g., would
not be
>classified as a lower layer? I see that the pass through
mode figure in
>RFC3748 alludes to this, but I thought for having the
"lower layer" vs.
>the "AAA" text in the stack was because AAA
is more or less standard on
>that link, while the "lower layer" between
the peer and authenticator
>could differ.
>
>Section 3.1 of RFC3748 applies to all layers that carry
EAP, not just
>between the peer and authenticator - isn't that right?
>
>Vidya


____________________________________________________________
_____
To unsubscribe or modify your subscription options, please
visit:
http:/
/lists.frascone.com/mailman/listinfo/eap

Arhives: http://lists.
frascone.com/pipermail/eap