> http://trac.tools.ietf.org/wg/emu/trac/ticket/38
> Clarify that crypto-binding TLV will always be run after every single EAP authentication, also even if there is no inner EAP authentication or, to ensure the outer TLVs and EAP type, version are verified.
TEAP draft 01, http://tools.ietf.org/html/draft-ietf-emu-eap-tunnel-method-01

Section 3.3

Old text:

"Phase 2 MUST always end with a protected termination exchange described in Section 3.3.3."

New Text:

"Phase 2 MUST always end with a crypto-binding TLV exchange described in Section 4.2.9 and protected termination exchange described in Section 3.3.3."

Section 4.2.9:

Old Text:

"The Crypto-Binding TLV is used to prove that both the peer and server participated in the tunnel establishment and sequence of authentications. It also provides verification of the TEAP version negotiated before TLS tunnel establishment, see Section 3.1. The Crypto-Binding TLV MUST be included with the Intermediate-Result TLV to perform Cryptographic Binding after each successful EAP method in a sequence of EAP methods. The Crypto-Binding TLV can be issued at other times as well."

New Text:

"The Crypto-Binding TLV is used to prove that both the peer and server participated in the tunnel establishment and sequence of authentications. It also provides verification of the TEAP type, version negotiated, outer TLVs exchanged before the TLS tunnel establishment. The Crypto-Binding TLV MUST be exchanged and verified before the final Result TLV exchange, regardless whether there is an inner EAP method authentication or not. It MUST be included with the Intermediate-Result TLV to perform Cryptographic Binding after each successful EAP method in a sequence of EAP methods, before proceeding with another inner EAP method."
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
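
The rules in the proposed new text, written as a check over a Phase 2 message trace. This is an added example, not part of the original message or the draft; the trace format, the name `check_phase2`, and the choice to count a Crypto-Binding TLV carried in the same message as a Result TLV as preceding it are assumptions, and the traces are constructed.

```python
# Constructed model: a Phase 2 trace is a list of (sender, set of TLV names).
# Assumption: a Crypto-Binding TLV in the same message as a Result TLV is
# processed first, so it counts as exchanged before that Result TLV.
CB, IR, RES, EAP = "Crypto-Binding", "Intermediate-Result", "Result", "EAP-Payload"


def check_phase2(trace):
    """Return a list of violations of the proposed Crypto-Binding rules."""
    problems = []
    bound = set()        # parties that sent Crypto-Binding since the last inner EAP message
    sent_result = set()  # parties that sent a Result TLV at all
    for n, (sender, tlvs) in enumerate(trace, start=1):
        # Rule: Intermediate-Result after an inner method must carry Crypto-Binding.
        if IR in tlvs and CB not in tlvs:
            problems.append(f"msg {n}: {sender} sent {IR} without {CB}")
        if CB in tlvs:
            bound.add(sender)
        if EAP in tlvs:
            bound.clear()  # an earlier binding does not cover a method still running
        # Rule: Crypto-Binding before the final Result, inner EAP method or not.
        if RES in tlvs:
            sent_result.add(sender)
            if sender not in bound:
                problems.append(f"msg {n}: {sender} sent {RES} with no preceding {CB}")
    for party in ("server", "peer"):
        if party not in sent_result:
            problems.append(f"end: no {RES} TLV from {party}")
    return problems


# Constructed traces.
NO_INNER_OK = [("server", {CB, RES}), ("peer", {CB, RES})]
NO_INNER_SKIPPED = [("server", {RES}), ("peer", {RES})]
TWO_METHODS_OK = [
    ("server", {EAP}), ("peer", {EAP}),
    ("server", {IR, CB, EAP}), ("peer", {IR, CB, EAP}),
    ("server", {IR, CB, RES}), ("peer", {IR, CB, RES}),
]
TWO_METHODS_UNBOUND = [
    ("server", {EAP}), ("peer", {EAP}),
    ("server", {IR, EAP}), ("peer", {IR, EAP}),
    ("server", {IR, CB, RES}), ("peer", {IR, CB, RES}),
]

if __name__ == "__main__":
    for name in ("NO_INNER_OK", "NO_INNER_SKIPPED", "TWO_METHODS_OK", "TWO_METHODS_UNBOUND"):
        print(name, check_phase2(globals()[name]) or "conformant")
```
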