> > I'm not sure I understand this, Bernard. The client doesn't need
> > to know anything about the ticket format or get to decide
> > anything about the mac. It's just the server talking to itself.

In WLAN environments, the client has no way to restrict ticket submission to a given server. Rather, clients assume that any server associated with a given SSID is a potential ticket validator. Unfortunately, SSIDs (unlike domain names) are not globally unique. In fact, millions of APs ship every year with the same default SSID. As a result, it will be very common for clients to submit tickets to servers who did not create them and are using completely different formats, algorithms and even protocol versions.

Since the recommended ticket format includes only the client identity and not the server identity, and does not include information on the algorithms or formats used in constructing the ticket, the document is in effect setting up a large-scale "fuzzing experiment" in which random bits are submitted by clients to servers in order to see how they will react.
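The concern above, as an added example that is not part of the original message or of the draft under discussion: a ticket layout that names its format and issuing key and binds the server identity, so a server verifies the MAC before parsing anything and drops tickets minted elsewhere. The `TKT1` tag, the 8-byte key name, the field order and the `TicketServer` class are assumptions made for illustration; encryption of the ticket contents is omitted.

```python
import hashlib
import hmac
import os
import struct

MAGIC = b"TKT1"                  # hypothetical format/version tag
NAME_LEN = 8                     # length of the key name field (assumed)
TAG_LEN = 32                     # HMAC-SHA256 output length
HDR_LEN = len(MAGIC) + NAME_LEN

class TicketServer:
    """Issues and validates opaque tickets (illustrative layout only)."""

    def __init__(self, server_id, mac_key=None):
        self.server_id = server_id
        self.mac_key = mac_key or os.urandom(32)
        # The key name lets a server recognise its own tickets cheaply.
        self.key_name = hashlib.sha256(b"name" + self.mac_key).digest()[:NAME_LEN]

    def _tag(self, data):
        return hmac.new(self.mac_key, data, hashlib.sha256).digest()

    def issue(self, client_id):
        body = (struct.pack("!H", len(self.server_id)) + self.server_id +
                struct.pack("!H", len(client_id)) + client_id)
        signed = MAGIC + self.key_name + body
        return signed + self._tag(signed)

    def validate(self, ticket):
        """Return the client identity for our own tickets, None otherwise."""
        if len(ticket) < HDR_LEN + 4 + TAG_LEN:
            return None                      # too short to be one of ours
        if ticket[:len(MAGIC)] != MAGIC:
            return None                      # unknown format or version
        if not hmac.compare_digest(ticket[len(MAGIC):HDR_LEN], self.key_name):
            return None                      # issued under another key
        signed, tag = ticket[:-TAG_LEN], ticket[-TAG_LEN:]
        if not hmac.compare_digest(tag, self._tag(signed)):
            return None                      # forged, corrupted or random bits
        # Only authenticated bytes reach the parser from here on.
        body = signed[HDR_LEN:]
        (slen,) = struct.unpack_from("!H", body, 0)
        server_id = body[2:2 + slen]
        (clen,) = struct.unpack_from("!H", body, 2 + slen)
        if server_id != self.server_id:
            return None                      # shared key, but a different server
        return body[4 + slen:4 + slen + clen]
```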