Proxy Elimination + Key is not shown to other parties + Lengthy EAP runs become faster + We authenticate the node on the other side - But untrusted proxies can still misbehave! Proxy might not send a Redirect Proxy might send the wrong server’s address => We need additional authorization Configuration Attributes in server certs? NAI realm vs. FQDN in server check |