aaa-3----Page:13
1  2  3  4  5  6  7  8  9  10  11  12  13  14  15  16  17  18  19  20  21  22  23  24 

Proxy Elimination
+ Key is not shown to other parties
+ Lengthy EAP runs become faster
+ We authenticate the node on the other side
- But untrusted proxies can still misbehave!
Proxy might not send a Redirect
Proxy might send the wrong serverís address
=> We need additional authorization
Configuration
Attributes in server certs?
NAI realm vs. FQDN in server check
PPT Version