Hi all, Paul Rowe, Arnab Roy, Prof. Andre Scedrov and Prof. John C. Mitchell did an analysis of EAP-GPSK and they essentially found three issues:
1) Use of encryption algorithms before choice is confirmed This aspect can be covered in the security consideration section of the upcoming draft version of EAP-GPSK: http://www.tschofenig.com/svn/draft-clancy-emu-eap-gpsk/draft-ietf-emu-e ap-gpsk-07.txt 2) Mitigation of potential DOS attack against client This aspect is a bit more controversial and we would require feedback from the group. I will post a separate mail on this subject. 3) Potential problem with the key derivation function This aspect also requires feedback from the group and a separate mail will be posted to the list. Ciao Hannes PS: Thanks to the group for doing the analysis and for discussing the issues with us. _______________________________________________ Emu mailing list [email protected] https://www1.ietf.org/mailman/listinfo/emu
