> If we get a shared key out of the method then GSS-EAP should probably
> use it to construct its own protected success and failure messages
> (which should be sent in addition to, and in parallel with the EAP
> messages).

AFAIK we only get a shared key on success. We do send unprotected error messages at present. I need to check the code to see if we send protected error messages in the post-EAP exchange. If we don't, we probably should; this isn't too hard, as that exchange is already protected anyway. Perhaps it just works :-)

-- Luke
_______________________________________________
abfab mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/abfab
