Validating key-binding-blob The level of trust relationship between an EAP authenticator and an EAP server may vary depending on the deployment If there is a full level of trust relationship between the EAP authenticator and EAP server, the EAP server can trust information sent by the EAP authenticator as it is No validation of key-binding-blob is needed Otherwise, validation of key-binding-blob is needed Validation is based on simple string comparison with the expected key-binding-blob value that may be pre-configured on the EAP server The EAP server would need to know the structure of the blob only at pre-configuration time (one time) but is still agnostic to the content of the blob during the AAA operation |