Sam Hartman wrote: > Hi. As we're starting to gain implementation experience, it looks like > this is a real problem with a lot of implementations out there. The > server we're looking at just sends back an EAP success packet > (unencrypted) as soon as it's sure that you've reached a success state.
I would imagine many implementations have similar behaviors. An EAP success means... send success, right? There are unlikely to be provisions in the EAP state machine for "success, but not really" cases. > It's actually being a bit tricky to convince the server to send a > channel binding reply. So, putting it mildly, I suspect a lot of > clients will be fairly liberal in accepting unprotected success. I agree. Alan DeKok. _______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
