Hi Luke, El 31/03/2011, a las 12:06, Luke Howard escribió:
>> I was wondering what are the exact implications of not protecting the >> information until the EAP authentication ends up with a key. If certain >> particular flags are unset during the conversation because it is not >> protected, the negotiation should fail, right?. So some sort of >> denial-of-service problem will raise. Is that what you had in mind?. > > Right, it should fail. If there is no integrity protection of, in this case, > the client-requested-mutual-authentication flag, then it would silently > succeed. However, in my mind you may confirm the value of that flag seen by both parties with an integrity-protected "binding" exchange after the key material has been exported by the EAP authentication. > > -- Luke ------------------------------------------------------- Rafael Marin Lopez, PhD Dept. Information and Communications Engineering (DIIC) Faculty of Computer Science-University of Murcia 30100 Murcia - Spain Telf: +34868888501 Fax: +34868884151 e-mail: [email protected] ------------------------------------------------------- _______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
