So, this paper makes it clear that I don't understand some of this stuff as well as I thought I did. No surprise there; it's complicated and this has not been my primary area of focus. So let's see if I can be educated.

In the part of the world I'm familiar with, we address this problem by authenticating the identity of the outer tunnel as part of the inner tunnel. For example, for a TLS-based tunnel we might hash the TLS Finished message into the inner method. We don't even try to do anything with plaintext password methods: there's no point; you're just kidding yourself. We do try and do something with things like SCRAM (think MSCHAPv2, roughly). We're typically using the tunnel in order to fight against dictionary attacks mounted by observers or to provide session security later.

If I'm reading this paper right, that's not what we're doing here in EAP. We're taking some quantity from the inner method and binding to that? What's the rationale for that?

_______________________________________________
Emu mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/emu
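The binding the post describes, as an added illustration that is not the author's code or any EAP method's actual derivation: the outer tunnel's TLS Finished message is hashed into the inner method's proof, so a server whose tunnel ends somewhere other than the client's tunnel computes a different expected value and the inner authentication fails. The HMAC construction, labels and all sample values here are constructed for the example.

```python
import hashlib
import hmac


def tunnel_binding_value(tls_finished: bytes) -> bytes:
    """Channel identifier for the outer tunnel: a hash of its TLS Finished
    message (hypothetical construction, constant label chosen for the example)."""
    return hashlib.sha256(b"tunnel-binding|" + tls_finished).digest()


def inner_proof(inner_key: bytes, binding: bytes, nonce: bytes) -> bytes:
    """Inner-method authentication proof. The outer-tunnel binding is mixed
    in alongside the inner shared key and the nonce, so the proof is only
    valid for the specific tunnel the client sees."""
    return hmac.new(inner_key, b"inner-proof|" + binding + nonce,
                    hashlib.sha256).digest()


def server_verify(inner_key: bytes, server_tls_finished: bytes,
                  nonce: bytes, client_proof: bytes) -> bool:
    """The server recomputes the proof using the Finished message of the
    tunnel *it* terminated and compares in constant time."""
    expected = inner_proof(inner_key, tunnel_binding_value(server_tls_finished), nonce)
    return hmac.compare_digest(expected, client_proof)


def run_scenario(client_tls_finished: bytes, server_tls_finished: bytes) -> bool:
    """Returns True when the inner authentication succeeds. Constructed
    inner secret and nonce; deterministic so the outcome is reproducible."""
    inner_key = b"constructed-shared-inner-secret"
    nonce = b"\x01" * 16
    # The client binds its proof to the tunnel it actually established.
    proof = inner_proof(inner_key, tunnel_binding_value(client_tls_finished), nonce)
    return server_verify(inner_key, server_tls_finished, nonce, proof)


if __name__ == "__main__":
    same = b"constructed-finished-A"
    other = b"constructed-finished-B"
    # Client and server terminate the same tunnel: inner auth succeeds.
    print("same tunnel:", run_scenario(same, same))
    # Client's tunnel ends at a different endpoint than the server's: inner
    # auth fails, which is exactly what the binding is there to detect.
    print("mismatched tunnel:", run_scenario(same, other))
```

Without the binding term, the second case would succeed, since the inner proof would depend only on the shared secret and nonce.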
