On 31/05/2011, at 10:57 AM, Sam Hartman wrote:

>>>>>> "Luke" == Luke Howard <[email protected]> writes:
>
>    Luke> Instead I propose (well, Sam proposes and I implemented) the
>    Luke> following. On the initiator extension token leg (the last
>    Luke> token from the initiator), a MIC is sent of the mechanism OID
>    Luke> and the extension tokens, excluding the MIC token. The
>    Luke> acceptor verifies it and generates a MIC of its extension
>    Luke> token to send to the initiator. The initiator verifies this.
>
>    Luke> This gives us protection of all extension tokens sent in the
>    Luke> last round trip.
>
> I'd like to hear comments on this. Unless we hear objections or the
> editors receive different instructions from the chairs, we will make
> this so in the next version of the gss-eap draft.

+1 from me.

-- Luke
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
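
The exchange proposed in the quoted text, as an added example that is not part of either message or of the gss-eap draft: each side appends a MIC token covering its extension tokens (the initiator also covers the mechanism OID), and the peer rejects a leg whose tokens were changed, dropped, or sent without the MIC. Assumptions: HMAC-SHA256 stands in for the GSS MIC, and the token types, length-prefixed encoding, OID bytes, key and token values are all constructed for illustration.

```python
import hashlib
import hmac
import struct

# Assumptions (not from the thread or the draft): HMAC-SHA256 stands in for
# the GSS MIC, tokens are (type, value) pairs, and the MIC input is a
# length-prefixed concatenation. Every constant below is constructed.
MECH_OID = b"constructed-mech-oid"
TOK_MIC = 0xFF  # hypothetical type number for the MIC extension token

def _mic_input(prefix, tokens):
    """Serialize prefix plus every extension token except the MIC token."""
    out = struct.pack(">I", len(prefix)) + prefix
    for ttype, value in tokens:
        if ttype == TOK_MIC:
            continue
        out += struct.pack(">II", ttype, len(value)) + value
    return out

def add_mic(key, tokens, prefix=b""):
    """Append a MIC token covering prefix and the other extension tokens."""
    mic = hmac.new(key, _mic_input(prefix, tokens), hashlib.sha256).digest()
    return list(tokens) + [(TOK_MIC, mic)]

def verify_mic(key, tokens, prefix=b""):
    """True only if exactly one MIC token is present and it matches."""
    mics = [v for t, v in tokens if t == TOK_MIC]
    if len(mics) != 1:
        return False  # a leg with the MIC stripped must fail, not pass
    expected = hmac.new(key, _mic_input(prefix, tokens), hashlib.sha256).digest()
    return hmac.compare_digest(mics[0], expected)

def demo():
    key = b"k" * 32  # constructed key both sides hold once the exchange is keyed
    # Initiator's last leg: MIC over the mechanism OID and its extension tokens.
    init_leg = add_mic(key, [(1, b"flags=mutual"), (2, b"channel-bindings")], MECH_OID)
    ok_init = verify_mic(key, init_leg, MECH_OID)
    # Acceptor's reply: MIC over its own extension token only.
    acc_leg = add_mic(key, [(3, b"acceptor-name")])
    ok_acc = verify_mic(key, acc_leg)
    # A changed token, a dropped token and a stripped MIC are all rejected.
    tampered = [(1, b"flags=none")] + init_leg[1:]
    dropped = init_leg[1:]
    stripped = init_leg[:-1]
    return (ok_init, ok_acc, verify_mic(key, tampered, MECH_OID),
            verify_mic(key, dropped, MECH_OID), verify_mic(key, stripped, MECH_OID))

if __name__ == "__main__":
    print(demo())
```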
