| Re: Issue 235: (Key Framework) Rewrite of Section 1 | <– Date –> <– Thread –> |
From: Florent Bersani (florent.bersani rd.francetelecom.fr)
|
|
| Date: Thu, 8 Apr 2004 08:28:32 -0400 (EDT) | |
Bernard,
I have concerns with the current wording of section 1.4.1 of the Key management framework: it seems to me as though it hinders the channel binding capability (please see the thread on Jari and Pasi's new I-D on authenticated service identities) - since to provide channel binding, EAP methods precisely need to transfer media specific information (though in a possibly media agnostic framework like the aforementioned draft).
I understand (and subscribe to) the fact that EAP methods should be media agnostic in their design. However, a possible way to do so is precisely to define appropriate elements for every media type (although this probably means quite a lot of work for now and the future).
I would thus rather have something like: "Should an EAP method have knowledge of the lower layer over which it is transported and should it wish to utilize identifiers associated with a particular media environment - for instance to provide channel binding, it MAY do so but it SHOULD support all media types EAP is commonly run over to avoid specializing EAP to a particular media type".
Cheers,
Florent
Bernard Aboba wrote:
I have concerns with the current wording of section 1.4.1 of the Key management framework: it seems to me as though it hinders the channel binding capability (please see the thread on Jari and Pasi's new I-D on authenticated service identities) - since to provide channel binding, EAP methods precisely need to transfer media specific information (though in a possibly media agnostic framework like the aforementioned draft).
I understand (and subscribe to) the fact that EAP methods should be media agnostic in their design. However, a possible way to do so is precisely to define appropriate elements for every media type (although this probably means quite a lot of work for now and the future).
I would thus rather have something like: "Should an EAP method have knowledge of the lower layer over which it is transported and should it wish to utilize identifiers associated with a particular media environment - for instance to provide channel binding, it MAY do so but it SHOULD support all media types EAP is commonly run over to avoid specializing EAP to a particular media type".
Cheers,
Florent
Bernard Aboba wrote:
Issue 235: Rewrite of Section 1 Submitter name: Bernard Aboba Submitter email address: aboba [at] internaut.com Date first submitted: 4/3/2004 Reference: http://www.drizzle.com/~aboba/EAP/draft-ietf-eap-keying-02.txt Document: Keying-01 Comment type: T/E Priority: S Section: 1 Rationale/Explanation of issue:
... 1.4.1. Media Independence
One of the goals of EAP is to allow EAP methods to function on any lower layer meeting the criteria outlined in [RFC3748], Section 3.1. For example, as described in [RFC3748], EAP authentication can be run over PPP [RFC1661], IEEE 802 wired networks [IEEE8021X], and IEEE 802.11 wireless LANs [IEEE80211i].
In order to maintain media independence, it is necessary for EAP to avoid inclusion of media-specific elements. For example, EAP methods cannot be assumed to have knowledge of the lower layer over which they are transproted, and cannot utilize identifiers associated with a particular usage environment (e.g. MAC addresses).
The need for media independence has also motivated the development of the three phase exchange. Since discovery is typically media- specific, this function is handled outside of EAP, rather than being incorporated within it. Similarly, the Secure Association Protocol often contains media dependencies such as negotiation of media- specific ciphersuites or session parameters, and as a result this functionality also cannot be incorporated within EAP.
-
Issue 235: (Key Framework) Rewrite of Section 1 Bernard Aboba, April 3 2004
- Re: Issue 235: (Key Framework) Rewrite of Section 1 Florent Bersani, April 8 2004
-
Re: Issue 235: (Key Framework) Rewrite of Section 1 Bernard Aboba, April 8 2004
- Re: Issue 235: (Key Framework) Rewrite of Section 1 Florent Bersani, April 8 2004
- RE: Issue 235: (Key Framework) Rewrite of Section 1 Joseph Salowey, April 8 2004
- RE: Issue 235: (Key Framework) Rewrite of Section 1 Alper Yegin, April 12 2004
Results generated by Tiger Technologies using MHonArc.