Issue 2: Downgrading Protection Issue: EAP allows negotiation of an EAP method between authenticator and peer. This mechanism is vulnerable to downgrading attacks. Discussion: Providing downgrading protection in PANA is not good since an EAP server may not be co-located with PAA EAP method negotiation is not performed by PANA, so this is an EAP issue Resolution: Text incorporated in Security Considerations section Recommendation of using EAP-GSSAPI to negotiate an EAP method |