| RE: EAP Notification MICs in RFC 3748 (Was: Re: [eap] EAP-AKA review) | <– Date –> <– Thread –> |
From: henry.haverinen (henry.haverinen nokia.com)
|
|
| Date: Tue, 12 Oct 2004 10:51:08 -0400 (EDT) | |
Hi Jari, > I'm opening another thread as there's part of this issue > that does not relate directly to EAP AKA. You said: > > > I could not find anything in RFC 3748 that would require the method > > specification to state whether EAP Notifications are protected. > > No, but there's in fact a note that identity and notification > contents could be useful to protect. See Section 7.5: > > Since EAP messages of Types Identity, Notification, and Nak do not > include their own MIC, it may be desirable for the EAP > method MIC to > cover information contained within these messages, as well as the > header of each EAP message. I agree with your reasoning that it might not be desirable to protect these messages. But I suppose this isn't serious enough to justify any RFC3748bis work. :-) But this MIC problem might be revisited if such work is initiated for other reasons. Best regards, Henry
- (no other messages in thread)
Results generated by Tiger Technologies using MHonArc.