>> * Use channel bindings to cover the initiator leg of reauth.
>
> OK, tlv-mic branch now contains an implementation of the latter.
A subtle (or not-so-subtle) implication of this approach is that, when used with reauth, acceptors cannot ignore channel bindings by passing in GSS_C_NO_BINDINGS.
-- Luke
|