Dan Harkins wrote:
>   Wrong, it "allows the user credentials to be exposed", depending on
> the EAP method.

  Hmm... it requires that any user credentials in the tunnel be exposed.

>   I understand the difference (obviously a bit better than you do). And I
> didn't ask you to list the differences. You said that the former "fails
> the privacy requirements of any TLS-based EAP method." So I asked you a
> simple question. Let me rephrase it for you in the hope you will answer
> it: how do you propose to prevent this REQUIREMENT from not being met?

  The requirements are that the home system gets to choose the privacy
requirements.  If they choose to terminate TLS in the visited network,
fine.  If they choose to terminate the TLS method themselves, and then
forward the user credentials elsewhere, fine.

  In that view, your question is irrelevant.

  The alternate view, and one I'm opposed to, is that a third party
chooses the privacy requirements for the home system.  In that view,
your question is highly relevant.  Since it's not a view I hold, I
cannot answer your question in any meaningful way.

  Alan DeKok.
_______________________________________________
Emu mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/emu
