Joe, eap-lower-layer is not required for application authentication if there's some other attribute that's specific to the lower layer. For example Moonshot sends gss-acceptor-service-name but does not currently send eap-lower-layer, and doing that seems consistent with the requirements of the channel binding spec.
Adding a requirement for eap-lower-layer all the time would be new, but might be reasonable. --Sam _______________________________________________ Gen-art mailing list [email protected] https://www.ietf.org/mailman/listinfo/gen-art
