Nick Lowe wrote: > How/where does RFC 3580 preclude it being used when reauthentication > occurs? It just says it may be used "without a corresponding > authentication and authorization exchange"? I would argue it really > must stick over a reauthentication to work properly... I'd suggest it should use a re-authentication. Alan DeKok.