On Thu, Mar 31, 2011 at 9:36 AM, Luke Howard <[email protected]> wrote: >> 4) Re-construct those messages near the end of the exchange, storing >> only iyems such as nonces in the interim. > > That's a pretty clever idea, but -- if you're talking about reconstructing > the entire EAP exchange -- I don't think it would be very practical from an > implementation standpoint, particularly when a AAA server is involved.
Right, but you might be able to minimize what messages you must cache. Keep in mind that I'm not following all the details of your mechanism, thus I might write something like the above that might not make any sense in the context of your mech. > A simple option, if we keep this last-round-trip extension exchange, is to > protect just that. It assumes that we'll never send an extension token in an > earlier leg that requires integrity protection. (And, given we might want to > do extension negotiation for something we haven't thought of yet, and avoid > downgrade attacks, my gut feeling is that protecting the entire conversation > is something we should bake into the protocol now if it's not too expensive.) We've seen the unauthenticate plaintext movie, and remakes. They usually don't feature a happy ending. _______________________________________________ abfab mailing list [email protected] https://www.ietf.org/mailman/listinfo/abfab
