eap-3----Page:9
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
|
EAP Invariants Media Independence EAP methods can operate on any lower layer meeting the criteria outlined in [RFC3748], Section 3.1. EAP methods cannot be assumed to have knowledge of the lower layer over which they are transported. Method Independence Authenticators can support any method implemented on the peer and server. Authenticators acts as forwarders for methods not locally supported. Ciphersuite Independence EAP methods negotiate the ciphersuite used in protection of the EAP conversation only; data protection is negotiated out-of-band. The backend authentication server is not a party to the ciphersuite negotiation nor is it an intermediary in the data flow between the EAP peer and authenticator. An EAP method may not have knowledge of the ciphersuite that has been negotiated between the peer and authenticator. |