>>>>> "Luke" == Luke Howard <[email protected]> writes:
Luke> Instead I propose (well, Sam proposes and I implemented) the
Luke> following. On the initiator extension token leg (the last
Luke> token from the initiator), a MIC is sent of the mechanism OID
Luke> and the extension tokens, excluding the MIC token. The
Luke> acceptor verifies it and generates a MIC of its extension
Luke> token to send to the initiator. The initiator verifies this.
Luke> This gives us protection of all extension tokens sent in the
Luke> last round trip.
I'd like to hear comments on this. Unless we hear objections or the
editors receive different instructions from the chairs, we will make
this so in the next version of the gss-eap draft.
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
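
The exchange Luke describes above, as an added sketch (not code from the gss-eap draft or any implementation of it). HMAC-SHA256 stands in for the GSS MIC, and the key, placeholder OID, token contents, length-prefixed framing and direction labels are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Constructed values: not the real mechanism OID or a real context key.
MECH_OID = b"placeholder-mech-oid"
SESSION_KEY = b"\x11" * 32

def encode(items):
    """Length-prefix each item so token boundaries are unambiguous (assumed framing)."""
    return b"".join(struct.pack(">I", len(i)) + i for i in items)

def mic(key, direction, items):
    """Stand-in for GSS_GetMIC; the direction label stops a MIC being reflected."""
    return hmac.new(key, direction + encode(items), hashlib.sha256).digest()

def initiator_mic(key, mech_oid, ext_tokens):
    # Covers the mechanism OID and the extension tokens, never the MIC token itself.
    return mic(key, b"initiator", [mech_oid, *ext_tokens])

def acceptor_mic(key, ext_tokens):
    return mic(key, b"acceptor", list(ext_tokens))

def acceptor_step(key, mech_oid, received_tokens, received_mic, reply_tokens):
    """Verify the initiator's MIC; on success return a MIC over the reply tokens."""
    expected = initiator_mic(key, mech_oid, received_tokens)
    if not hmac.compare_digest(expected, received_mic):
        return None
    return acceptor_mic(key, reply_tokens)

def initiator_verify(key, reply_tokens, reply_mic):
    return hmac.compare_digest(acceptor_mic(key, reply_tokens), reply_mic)

def demo():
    init_tokens = [b"ext:channel-bindings", b"ext:flags"]  # constructed
    acc_tokens = [b"ext:acceptor-name"]                    # constructed
    i_mic = initiator_mic(SESSION_KEY, MECH_OID, init_tokens)
    reply = acceptor_step(SESSION_KEY, MECH_OID, init_tokens, i_mic, acc_tokens)
    # A token stripped in transit, or a different OID, must fail verification.
    stripped = acceptor_step(SESSION_KEY, MECH_OID, init_tokens[1:], i_mic, acc_tokens)
    swapped = acceptor_step(SESSION_KEY, b"other-oid", init_tokens, i_mic, acc_tokens)
    return (
        reply is not None and initiator_verify(SESSION_KEY, acc_tokens, reply),
        stripped is None,
        swapped is None,
        not initiator_verify(SESSION_KEY, [b"ext:forged"], reply),
    )

if __name__ == "__main__":
    print(demo())
```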