RFC 5296, "EAP Extensions for EAP Re-authentication Protocol (ERP)", August 2008
Note: This RFC has been obsoleted by RFC 6696
Source of RFC: hokey (sec)
See Also: RFC 5296 w/ inline errata
Errata ID: 1845
Publication Format(s): TEXT
Reported By: Glen Zorn
Date Reported: 2009-08-31
Verifier Name: Tim Polk
Date Verified: 2010-03-21
Section 2 says:
An ER server is a logical entity; the home ER server is located on the same backend authentication server as the EAP server in the home domain. The local ER server may not necessarily be a full EAP server.
It should say:
An ER server is a logical entity; it may not necessarily be co-located with, or physically part of, a full EAP server.
The original text makes two unwarranted assumptions, which the corrected text eliminates. The first assumption is that the EAP server in the home domain is located on a back-end authentication (i.e., AAA) server; the second, that the home ERP server is also located there. Neither of these conditions is required, and both place unnecessary restrictions upon deployment options.