> 4) Re-construct those messages near the end of the exchange, storing
> only items such as nonces in the interim.
That's a pretty clever idea, but -- if you're talking about reconstructing the entire EAP exchange -- I don't think it would be very practical from an implementation standpoint, particularly when a AAA server is involved.

A simple option, if we keep this last-round-trip extension exchange, is to protect just that. It assumes that we'll never send an extension token in an earlier leg that requires integrity protection. (And, given we might want to do extension negotiation for something we haven't thought of yet, and avoid downgrade attacks, my gut feeling is that protecting the entire conversation is something we should bake into the protocol now if it's not too expensive.)

-- Luke

_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
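To make the trade-off in Luke's two options concrete, here is an added illustration that is not code from this thread or from any ABFAB or EAP implementation: a simplified model of an exchange in which an early leg carries an extension token and the final leg carries an HMAC under an assumed key shared by peer and server after the EAP method completes. A MAC over only the last round trip does not notice an earlier token being stripped by an on-path attacker; binding the whole conversation transcript into the MAC does.

```python
import hashlib
import hmac

# Assumed for the demo: a key both sides share once the EAP method has finished.
KEY = b"constructed-demo-key"


def transcript_hash(legs):
    """Hash every leg in order, length-prefixed so leg boundaries are unambiguous."""
    h = hashlib.sha256()
    for leg in legs:
        h.update(len(leg).to_bytes(4, "big"))
        h.update(leg)
    return h.digest()


def mac_last_leg_only(legs):
    # Option 1 from the message: integrity-protect just the final extension round trip.
    return hmac.new(KEY, legs[-1], hashlib.sha256).digest()


def mac_whole_conversation(legs):
    # Option 2: bind the MAC to the whole transcript, so any altered or removed
    # earlier leg changes the value each side computes.
    return hmac.new(KEY, transcript_hash(legs), hashlib.sha256).digest()


def views_agree(mac_fn, peer_view, server_view):
    """True when peer and server compute the same MAC over the legs each of them saw."""
    return hmac.compare_digest(mac_fn(peer_view), mac_fn(server_view))


# Constructed sample exchange: leg 2 advertises an extension token early on.
LEGS_SENT = [
    b"EAP-Request/Identity",
    b"EAP-Response/Identity; ext-token=example-feature",
    b"EAP-Request/Method-data",
    b"EAP-Response/Method-data",
    b"Final-leg: extension-negotiation",
]

# What the server sees if an on-path attacker strips the early token (a downgrade).
LEGS_AS_RECEIVED = list(LEGS_SENT)
LEGS_AS_RECEIVED[1] = b"EAP-Response/Identity"


def downgrade_detected():
    """Report, per option, whether the stripped token causes a MAC mismatch."""
    return {
        "last_leg_only": not views_agree(mac_last_leg_only, LEGS_SENT, LEGS_AS_RECEIVED),
        "whole_conversation": not views_agree(mac_whole_conversation, LEGS_SENT, LEGS_AS_RECEIVED),
    }
```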
