On Feb 17, 2023, at 10:42 AM, Heikki Vatiainen <h...@radiatorsoftware.com> wrote: > The second paragraph of section '6.1. Handling of TLS NewSessionTicket > Messages' ends with this sentence where the end of sentence is > repeated: > > If the server allows the session to > resume without verifying that the user had first been authenticated, > the malicious client can then obtain network access without ever > being authenticated network access without ever being authenticated.
Fixed, thanks. Alan DeKok. _______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu