>>>>> "Hoeper" == Hoeper Katrin-QWKN37 <[email protected]> writes:
Hoeper> I agree. That's why I was thinking that adding a reference
Hoeper> that makes implementers aware of this problem would be a
Hoeper> good idea. Then they can make an educated decision about
Hoeper> whether they want to implement additional mitigation
Hoeper> techniques (i.e. enforce policies) or to not use
Hoeper> password-based inner methods.
Well, we also want to make sure that if you're using a non-password
inner method, then we are not vulnerable to MITM issues.
_______________________________________________
Emu mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/emu
