pana-1----Page:20

Issue 2: Downgrading Protection
Issue:
EAP allows the authenticator and the peer to negotiate an EAP method. This negotiation is vulnerable to downgrade attacks.
Discussion:
Providing downgrade protection in PANA itself is not appropriate, since the EAP server may not be co-located with the PAA
EAP method negotiation is not performed by PANA, so this is an EAP issue
Resolution:
Text incorporated in Security Considerations section
Recommendation of using EAP-GSSAPI to negotiate an EAP method
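
The check a protected negotiation adds, as an example written for this page (it is not from the slides and does not reproduce EAP-GSSAPI): once a key-deriving method has run, the peer's original method list is confirmed under the resulting key. The function names, the `KEY_DERIVING` set, the sample lists and the key are assumptions made for illustration.

```python
import hashlib
import hmac

# IANA-assigned EAP method type codes.
MD5_CHALLENGE, EAP_TLS, EAP_TTLS = 4, 13, 21

# Assumption for this example: the methods treated as exporting a session key.
KEY_DERIVING = {EAP_TLS, EAP_TTLS}


def select_method(auth_prefs, offered):
    """Authenticator picks its most preferred method found in the offered list."""
    return next((m for m in auth_prefs if m in offered), None)


def list_mic(key, methods):
    """Integrity check value over the ordered list of method type codes."""
    return hmac.new(key, bytes(methods), hashlib.sha256).digest()


def run_exchange(peer_offer, list_on_wire, auth_prefs, session_key):
    """Return (method, accepted).

    peer_offer   -- the method list the peer actually sent
    list_on_wire -- the list that reached the authenticator; the plain
                    negotiation messages carry no integrity protection
    session_key  -- key exported by the method that ran (constructed here)
    """
    method = select_method(auth_prefs, list_on_wire)
    if method is None:
        return None, False
    if method not in KEY_DERIVING:
        # No exported key, so the list cannot be confirmed: fail closed.
        return method, False
    # The peer computes the MIC over the list it sent; the authenticator
    # recomputes it over the list it received and compares in constant time.
    peer_mic = list_mic(session_key, peer_offer)
    accepted = hmac.compare_digest(peer_mic, list_mic(session_key, list_on_wire))
    return method, accepted


if __name__ == "__main__":
    key = b"constructed-session-key"        # constructed sample value
    offer = [EAP_TLS, EAP_TTLS, MD5_CHALLENGE]
    prefs = [EAP_TLS, EAP_TTLS, MD5_CHALLENGE]
    print(run_exchange(offer, offer, prefs, key))                  # lists match
    print(run_exchange(offer, [EAP_TTLS, MD5_CHALLENGE], prefs, key))  # list altered
    print(run_exchange(offer, [MD5_CHALLENGE], prefs, key))        # no key to confirm with
```

The confirmation is only as strong as the method that produced the key, which is why the method list accepted by local policy still matters.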