[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [AAA-DOCTORS] [Dime] FEDAUTH BOF request

To: Bernard Aboba <bernard_aboba@hotmail.com>
Subject: RE: [AAA-DOCTORS] [Dime] FEDAUTH BOF request
From: Peter Deacon <peterd@iea-software.com>
Date: Sun, 6 Jun 2010 14:04:39 -0700 (Pacific Daylight Time)
Cc: 'Alper Yegin' <alper.yegin@yegin.org>, tena@huawei.com, aaa-doctors@ietf.org, radiusext@ops.ietf.org, dime@ietf.org, dromasca@avaya.com
In-reply-to: <BLU137-DS5162535EAE6642C60FB4893D40@phx.gbl>
References: <EDC652A26FB23C4EB6384A4584434A04022444EC@307622ANEX5.global.avaya.com>, <F3CA54ABFDD5489FAFE036ECB6EE0011@china.huawei.com> <BLU137-W24E56D43201C0B9EEB3A4A93D10@phx.gbl> <019f01cb03b7$e63fcaf0$b2bf60d0$@yegin@yegin.org> <BLU137-DS5162535EAE6642C60FB4893D40@phx.gbl>
User-agent: Alpine 2.00 (WNT 1167 2008-08-23)

On Sun, 6 Jun 2010, Bernard Aboba wrote:

Previous tests have shown problems with use of RADIUS/EAP over UDP in
federated scenarios:

http://www.cesnet.cz/doc/techzpravy/2008/eduroam-authentication-over-jammed-
network/

As noted in the above paper, once packet loss is introduced, completing the
multiple roundtrips of EAP authentication becomes increasingly difficult.


This paper has some crazy figures.. look at the data for packet loss.

40% packet loss (client to server) = 78% success rate for PEAP-MSCHAPv2
40% packet loss (server to client) = 20% success rate for PEAP-MSCHAPv2

There is a footnote on this issue "The more favorable results forclient-to-server jamming are caused by the aggressive packet re-sendingstrategy of wpa_supplicant compared to the behavior of Radiator."

If the server did not receive client request or client did not receiveserver response the knowledge available and avenue for response by theclient is the same in either case. The figures appear to reflect asubstantial implementation artifact in the servers tx side retransmit.


regards,
Peter

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

References:
- FEDAUTH BOF request
  - From: "Romascanu, Dan (Dan)" <dromasca@avaya.com>
- Re: FEDAUTH BOF request
  - From: Tina TSOU <tena@huawei.com>
- RE: FEDAUTH BOF request
  - From: Bernard Aboba <bernard_aboba@hotmail.com>
- RE: [Dime] FEDAUTH BOF request
  - From: "Alper Yegin" <alper.yegin@yegin.org>
- RE: [AAA-DOCTORS] [Dime] FEDAUTH BOF request
  - From: "Bernard Aboba" <bernard_aboba@hotmail.com>

Prev by Date: RE: [AAA-DOCTORS] [Dime] FEDAUTH BOF request
Next by Date: Updated copy of the design guidelines document
Previous by thread: RE: [AAA-DOCTORS] [Dime] FEDAUTH BOF request
Next by thread: RE: [Dime] FEDAUTH BOF request
Index(es):
- Date
- Thread