
Solution Mechanisms Recommended
Policy restrictions
    For non-key deriving methods client & server policy
    Use separate credentials inside/outside tunnels
    Use methods inside tunnels always

Cryptographic Binding
    Compound Keyed MACs
        Keyed MACs computed from safe one-way derivation from keys of all inner methods and tunnel method
        Additional mutual authentication round trip (binding phase exchange) with keyed MACs
    Compound Session Keys
        Bound Key derived using safe one-way derivation from keys of all inner methods and tunnel method
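
Added example (not part of the original slides): a sketch of the cryptographic binding described above, showing that the binding phase exchange succeeds only when both ends hold the tunnel key and the keys of all inner methods. HMAC-SHA256 as the one-way derivation, the label strings, the message layout and all key and nonce values are assumptions constructed for illustration.

```python
import hashlib
import hmac

def prf(key: bytes, label: bytes, data: bytes = b"") -> bytes:
    # One-way derivation step. HMAC-SHA256 is an assumption of this example.
    return hmac.new(key, label + b"\x00" + data, hashlib.sha256).digest()

def compound_secret(tunnel_key: bytes, inner_keys: list) -> bytes:
    # Fold the tunnel key and the key of every inner method into one secret.
    secret = tunnel_key
    for index, inner_key in enumerate(inner_keys):
        secret = prf(secret, b"inner method %d" % index, inner_key)
    return secret

def binding_exchange(server_keys, peer_keys, nonce_s, nonce_p):
    """Simulate the binding phase round trip.

    Each *_keys argument is (tunnel_key, [inner_method_keys]) as seen by
    that side. Returns the bound session key, or None if either compound
    keyed MAC fails to verify.
    """
    s_secret = compound_secret(*server_keys)
    p_secret = compound_secret(*peer_keys)
    s_mac_key = prf(s_secret, b"compound MAC key")
    p_mac_key = prf(p_secret, b"compound MAC key")
    # Request (server -> peer): nonce_s plus the server's compound MAC.
    request_mac = prf(s_mac_key, b"server", nonce_s)
    if not hmac.compare_digest(request_mac, prf(p_mac_key, b"server", nonce_s)):
        return None  # peer rejects: server is not bound to the same keys
    # Response (peer -> server): nonce_p plus the peer's compound MAC.
    response_mac = prf(p_mac_key, b"peer", nonce_s + nonce_p)
    if not hmac.compare_digest(response_mac, prf(s_mac_key, b"peer", nonce_s + nonce_p)):
        return None  # server rejects: peer is not bound to the same keys
    # Compound session key, bound to tunnel and inner methods.
    return prf(s_secret, b"compound session key", nonce_s + nonce_p)

# Constructed sample values (not from the slides).
TUNNEL_KEY = hashlib.sha256(b"constructed tunnel key").digest()
INNER_KEYS = [hashlib.sha256(b"constructed inner key 1").digest(),
              hashlib.sha256(b"constructed inner key 2").digest()]
NONCE_S = hashlib.sha256(b"constructed server nonce").digest()
NONCE_P = hashlib.sha256(b"constructed peer nonce").digest()

if __name__ == "__main__":
    both = (TUNNEL_KEY, INNER_KEYS)
    tunnel_only = (TUNNEL_KEY, [INNER_KEYS[0], bytes(32)])
    print("all keys held:     ", binding_exchange(both, both, NONCE_S, NONCE_P) is not None)
    print("inner key missing: ", binding_exchange(both, tunnel_only, NONCE_S, NONCE_P) is not None)
```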