It looks like draft-arkko-eap-aka-kdf-09.txt updates the RFC 4187
definition of AT_CHECKCODE by changing the length of Checkcode field to
be "0 or 32 bytes". This does not look correct since EAP-AKA continues
to use 20-byte Checkcode value and the same definition of the attribute
is shared by both EAP-AKA and EAP-AKA' (assuming I understood the draft
correctly). The updated version should include 20 bytes as a valid
length of the Checkcode field (i.e., something like "0, 20, or 32
bytes"). In addition, the following paragraph ("Second, the checkcode is
a hash value ..") should be modified to apply only for EAP-AKA' and only
when using AT_KDF Key Derivation Function value 1.-- Jouni Malinen PGP id EFC895FA _______________________________________________ Emu mailing list [email protected] https://www.ietf.org/mailman/listinfo/emu
