On Sun, Nov 27, 2022 at 02:13:33PM +0000, Alexander Clouter wrote:
> We need the inner EAP method's MSK/EMSK material to verify/calculate
> the Cryptobinding CMACs so do not dispose of them when seeing an
> Identity request; this occurs during EAP sequences (machine+user auth)

Why would this be needed for the Identity method? It is not an EAP
authentication method and it is not followed by the
Intermediate-Result/Crypto-Binding exchange (unlike the actual EAP
authentication methods would be).

Unless I missed something here, this seems to be related to this errata
entry on RFC 7170:
https://www.rfc-editor.org/errata/eid5767

-- 
Jouni Malinen                                            PGP id EFC895FA