> I was wondering what are the exact implications of not protecting the
> information until the EAP authentication ends up with a key. If certain
> particular flags are unset during the conversation because it is not
> protected, the negotiation should fail, right? So some sort of
> denial-of-service problem will arise. Is that what you had in mind?

Right, it should fail. If there is no integrity protection of, in this case, the client-requested-mutual-authentication flag, then it would silently succeed.

-- Luke
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
