Hi Luke,

On 31/03/2011, at 15:53, Luke Howard wrote:

> Hi Rafa,
>
>>>> I was wondering what are the exact implications of not protecting the
>>>> information until the EAP authentication ends up with a key. If certain
>>>> particular flags are unset during the conversation because it is not
>>>> protected, the negotiation should fail, right? So some sort of
>>>> denial-of-service problem will arise. Is that what you had in mind?
>>>
>>> Right, it should fail. If there is no integrity protection of, in this
>>> case, the client-requested-mutual-authentication flag, then it would
>>> silently succeed.
>>
>> However, in my mind you may confirm the value of that flag seen by both
>> parties with an integrity-protected "binding" exchange after the key
>> material has been exported by the EAP authentication.
>
> Yes, this is (more or less) what we're proposing. If you want to see a
> possible approach I tried, you can see the tlv-mic branch of Moonshot.

Yes, we had also thought about this "binding" and that is why I was commenting on it.

>
> -- Luke

-------------------------------------------------------
Rafael Marin Lopez, PhD
Dept. Information and Communications Engineering (DIIC)
Faculty of Computer Science-University of Murcia
30100 Murcia - Spain
Telf: +34868888501 Fax: +34868884151
e-mail: [email protected]
-------------------------------------------------------
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
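
The flag confirmation discussed in this thread, sketched as an added example; it is not code from the thread or from Moonshot's tlv-mic branch. The key-derivation label, the MIC construction (HMAC-SHA-256 over a 32-bit flags word), the function names and the sample MSK are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Flag values as defined for the GSS-API C bindings (RFC 2744).
GSS_C_MUTUAL_FLAG = 0x02
GSS_C_INTEG_FLAG = 0x20


def binding_key(msk: bytes) -> bytes:
    """Derive a key used only for the flag binding (hypothetical label)."""
    return hmac.new(msk, b"illustrative flag-binding label",
                    hashlib.sha256).digest()


def flags_mic(msk: bytes, flags: int) -> bytes:
    """MIC over the request flags, keyed from the EAP-exported key."""
    return hmac.new(binding_key(msk), struct.pack("!I", flags),
                    hashlib.sha256).digest()


def acceptor_confirm(msk: bytes, flags_seen: int, mic: bytes) -> bool:
    """Acceptor recomputes the MIC over the flags it saw in the clear."""
    return hmac.compare_digest(flags_mic(msk, flags_seen), mic)


def run_exchange(requested: int, cleared_in_transit: int = 0) -> bool:
    """Model the two phases: unprotected flags first, binding after EAP.

    `cleared_in_transit` models flags unset on the unprotected leg.
    Returns True only if both parties agree on the requested flags.
    """
    msk = bytes(range(64))  # constructed sample key, not a real MSK
    # Phase 1: no key exists yet, so the acceptor sees unprotected flags.
    flags_at_acceptor = requested & ~cleared_in_transit
    # Phase 2: EAP has exported a key; the initiator binds what it asked for.
    mic = flags_mic(msk, requested)
    return acceptor_confirm(msk, flags_at_acceptor, mic)


if __name__ == "__main__":
    req = GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG
    print("untouched flags confirmed:", run_exchange(req))
    print("mutual flag cleared, confirmed:",
          run_exchange(req, GSS_C_MUTUAL_FLAG))
```

Without the second phase the cleared flag goes unnoticed and the context is established without mutual authentication; with it, the mismatch turns into a failed negotiation, which is the denial-of-service trade-off raised in the thread.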
