I'm not sure I understand this, Bernard. The client doesn't need
to know anything about the ticket format or get to decide
anything about the mac. It's just the server talking to itself.
In WLAN environments, the client has no way to restrict ticket submission
to a given server. Rather, clients assume that any server associated with
a given SSID is a potential ticket validator. Unfortunately, SSIDs
(unlike domain names) are not globally unique. In fact, millions of APs
ship every year with same default SSID. As a result, it will be very
common for clients to submit tickets to servers who did not create them
and are using completely different formats, algorithms and even protocol
versions.
Since the recommended ticket format includes only the client identity and
not the server identity, and does not include information on the
algorithms or formats used in constructing the ticket, the document is in
effect setting a up a large scale "fuzzing experiment" in which random
bits are submitted by clients to servers in order to see how they will
react.
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf