On Jun 9, 2023, at 6:12 PM, Joseph Salowey <j...@salowey.net> wrote:
>   Given that this isn't currently being done in implementations, I think that 
> the answer here is "no".  But it's likely worth adding a note to the effect 
> that:
> 
> [Joe]  I would also say no here. 

  OK.  I'll add some notes on this issue.

> [Joe] I'm in favor of banning EAP-MD5 for this and other reasons.  

  On further examination, there isn't much point in banning EAP-MD5, because 
TEAP supports Basic Password TLVs, which have the same issue.

  I'll add some text warning people of this issue.

  I'll also add text suggesting that any method which doesn't generate an inner 
MSK/EMSK SHOULD be run in conjunction with a method which does generate an 
inner MSK/EMSK.  I believe that addresses the issue.

  At this point, the only thing I'm looking for is some updated diagrams from 
Eliot.  I think with those, the document could be finished.

  Alan DeKok.

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
