Hi Rafa,

>>> I was wondering what are the exact implications of not protecting the
>>> information until the EAP authentication ends up with a key. If certain
>>> particular flags are unset during the conversation because it is not
>>> protected, the negotiation should fail, right? So some sort of
>>> denial-of-service problem will arise. Is that what you had in mind?
>>
>> Right, it should fail. If there is no integrity protection of, in this case,
>> the client-requested-mutual-authentication flag, then it would silently
>> succeed.
>
> However, in my mind you may confirm the value of that flag seen by both
> parties with an integrity-protected "binding" exchange after the key material
> has been exported by the EAP authentication.

Yes, this is (more or less) what we're proposing. If you want to see a possible approach I tried, you can see the tlv-mic branch of Moonshot.

-- Luke

_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
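
The "binding" exchange discussed in this thread, as an added illustration that is not part of the original message and is not the code in Moonshot's tlv-mic branch: once EAP has exported key material, the initiator sends a MIC over the flags it requested and the acceptor checks it against the flags it actually received. The derivation label, the 4-byte flag encoding, the function names and the sample MSK are assumptions made for this example, not the GSS-EAP wire format.

```python
import hashlib
import hmac
import struct

MUTUAL_FLAG = 0x02            # same value as GSS_C_MUTUAL_FLAG in the GSS-API C bindings
SAMPLE_MSK = bytes(range(64)) # constructed stand-in for the key exported by EAP


def binding_key(msk: bytes) -> bytes:
    # Assumed derivation label; a real mechanism specifies its own key derivation.
    return hmac.new(msk, b"example flag binding", hashlib.sha256).digest()


def flags_mic(key: bytes, flags: int) -> bytes:
    # MIC over the flags word, encoded here as 4 bytes big-endian (assumed encoding).
    return hmac.new(key, struct.pack(">I", flags), hashlib.sha256).digest()


def acceptor_view(sent_flags: int, cleared_in_transit: int) -> int:
    # The flags travel before any key exists, so bits can be unset on the path.
    return sent_flags & ~cleared_in_transit


def negotiate(msk: bytes, requested: int, cleared_in_transit: int = 0, bind: bool = True):
    """Return (established, flags the acceptor acts on)."""
    seen = acceptor_view(requested, cleared_in_transit)
    if not bind:
        # No integrity check: the acceptor trusts whatever arrived.
        return True, seen
    key = binding_key(msk)                  # both sides hold the exported key
    initiator_mic = flags_mic(key, requested)
    expected_mic = flags_mic(key, seen)     # acceptor recomputes over what it saw
    ok = hmac.compare_digest(initiator_mic, expected_mic)
    return ok, (seen if ok else None)


if __name__ == "__main__":
    print("untampered, bound:   ", negotiate(SAMPLE_MSK, MUTUAL_FLAG))
    print("flag cleared, unbound:", negotiate(SAMPLE_MSK, MUTUAL_FLAG, MUTUAL_FLAG, bind=False))
    print("flag cleared, bound:  ", negotiate(SAMPLE_MSK, MUTUAL_FLAG, MUTUAL_FLAG, bind=True))
```

Without the binding step the context is established with mutual authentication silently dropped; with it, the same tampering makes the negotiation fail, which is the denial-of-service outcome raised in the quoted text.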
