Re: Potential Notes in EAP-FAST Documents

Jari Arkko wrote:
> Speaking as an individual, I'm fine with this. It is important to 
> document the EAP methods as they actually exist in wide deployment. 
> That being said, we should also recognize the problems that codepoint 
> overloading causes (even if the overloading issues are somewhat 
> mitigated by the context ie tunnel in this case).
>
> And we should definitely NOT follow the same type of overloading in 
> future work. Obviously not in IETF work, but I also hope that the main 
> vendors have gotten the message that it is a bad idea.
>
> Jari
>
> _______________________________________________
> Emu mailing list
> Emu <at> ietf.org
> https://www.ietf.org/mailman/listinfo/emu

While I strongly disagree with overloading of EAP types, I have to agree 
with Jari.   I would like to see the IETF take a strong stance on not 
allowing overloading of EAP types in the future.  However, at this point 
there are probably too many implementations to try to change, so it 
seems documentation of existing behavior may be the only reasonable 
course of action.

That said, I would still like to see the provisioning document call out 
the security issues related to the use of anonymous provisioning.