>>>>> "Nico" == Nico Williams <[email protected]> writes:

    Nico> If this were the only unauthenticated plaintext requiring
    Nico> protection... then you could require that all such flags be
    Nico> set that the mechanism supports.

We can try to do this.
The catch comes in because the mechanism may support features the
environment does not.
For example, we will require behavior out of EAP channel binding; see
the draft.

If the server does not verify the right attributes in channel binding
then we will not indicate mutual auth to the initiator.
It's desirable especially for RFC 4462 to also not indicate mutual to
the acceptor in this case.
Thus, an authenticated flag requirement.

--Sam
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
