Section 4.2.14 (Basic-Password-Auth-Resp TLV) defines the length of the password "PassLen" as "Length of Password field in octets'. However, there is no requirement that the length be greater than zero.
The same issue goes for the UserLen field. TBH, any password less than 8 octets should be viewed with great suspicion. I'll push some text, unless anyone has objections. Alan DeKok. _______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
