Dan Harkins wrote:
> 2. solves the specific problem it is aimed at poorly -- doubling of the number of messages, requiring writing and testing of new EAP state machines that are, otherwise, unnecessary; and,
Does it double, or does it really just "n+1", which is doubling if the rest of the protocol has "n=1"? I also wonder if this is really a sufficiently compelling reason to have two sets of code.
> 3. is insecure (unless something used nowhere today is employed: EAP channel bindings).
We can, and must solve this.

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec