You may want to look at EAP-PAX. We tried to engineer around the
patent land mines in the field when we designed it. This of course
doesn't mean that someone won't claim it infringes on something.
We also have a proof (not yet published) of security in a random
oracle model.
Best, Bill
I must confess I'm puzzled why you consider strong authentication
the same as remote attestation for the purposes of this analysis.
It seems to me that your note already identifies one key difference:
remote attestation allows the remote computer to determine if they wish
to speak with my