Just reviewing it yet again, both RFC 7170 and 7170bis have the following text for the Crypto-Binding TLV:
Nonce > The Nonce field is 32 octets. It contains a 256-bit nonce that is > temporally unique, used for Compound-MAC key derivation at each > end. The nonce in a request MUST have its least significant bit > set to zero (0), and the nonce in a response MUST have the same > value as the request nonce except the least significant bit MUST > be set to one (1). Except that the Nonce is *not* used for the Compound-MAC key derivation at each end. Do implementations set / check the Nonce field as discussed above? Would it make sense to just ignore this field? Alan DeKok. _______________________________________________ Emu mailing list -- emu@ietf.org To unsubscribe send an email to emu-le...@ietf.org
