RE: Issue 235: (Key Framework) Rewrite of Section 1
From: Joseph Salowey (jsalowey [at] cisco.com)
Date: Thu, 8 Apr 2004 14:51:05 -0400 (EDT)
> -----Original Message-----
> From: eap-admin [at] frascone.com [mailto:eap-admin [at] frascone.com] 
> On Behalf Of Florent Bersani
> Sent: Thursday, April 08, 2004 8:07 AM
> To: Bernard Aboba
> Cc: eap [at] frascone.com
> Subject: Re: [eap] Issue 235: (Key Framework) Rewrite of Section 1
> 
> Bernard Aboba wrote:
> 
> >>I would thus rather have something like: "Should an EAP method have 
> >>knowledge of the lower layer over which it is transported and should 
> >>it wish to utilize identifiers associated with a particular media 
> >>environment - for instance to provide channel binding, it MAY do so 
> >>but it SHOULD support all media types EAP is commonly run over to 
> >>avoid specializing EAP to a particular media type".
> >
> >Media independence is one of the fundamental properties of EAP.  It is 
> >not a "nice to have".
> >
> I agree, apologies if my wording offended you.
> 
> >Had this advice been taken in 1998 when EAP was first implemented, 
> >operation over 802.11 would not be possible today since that was not 
> >one of the media on which EAP was commonly run over at the time.
> >
> >Similarly, 802.16 is not common today, but it has adopted EAP as its 
> >authentication framework.
> >
> I totally agree - at least for the ongoing revision of 802.16, since the 
> original standard does not use EAP at all, as you know.
> 
> >I am not aware of a case in which media independence needs to be 
> >compromised in order to provide for identification or channel binding. 
> >For example, an EAP method need not necessarily be aware of the content 
> >of an Identifier in order to use it.  In terms of channel binding, it 
> >can pass the Called or Calling-Station-Id to the AAA server as an 
> >opaque blob and receive back a confirmation of whether it matched or 
> >not, again without having knowledge of media.
> >
> Let's rephrase: my point was that to the naive reader that I am, the 
> media independence seemed to contradict the channel binding. If this is 
> not the case (which I do hope and believe), then some clarification 
> might be needed. The text you very kindly provided might be well suited 
> to do so...
> 
> My only question (which does not belong to EAP) is more of a trivial 
> conclusion on implementations: for the EAP method to pass the opaque 
> blob containing the Called or Calling-Station-Id, it first needs to get 
> that blob. Hence, we need here some communication between the EAP method 
> and something that is aware of the media over which EAP is being run, 
> don't we?
> 
[Joe] Yes, there needs to be communication between EAP, which does
authentication, and the party or parties responsible for authorization.  There
needs to be some data exported out of the EAP method to accomplish this, such
as the authenticated identity and channel binding information.  The
authorization piece would need to be aware of what the parties' communication
is trying to do.

> _______________________________________________
> eap mailing list
> eap [at] frascone.com
> http://mail.frascone.com/mailman/listinfo/eap
> 
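The channel binding pattern discussed above (the method carries the lower layer's Called-Station-Id as an opaque blob to the AAA server, which reports whether it matched what the authenticator claimed) is modelled below as an added example. This is illustrative code written for this archive page, not code from any EAP method, RFC 3748, or anyone on the thread. It assumes a method-derived key shared between the peer's method and the AAA server (stand-in for a method's protected channel), and all identifier formats and values (BSSID:SSID, port MAC, dialed number) are constructed for the example. The point it shows is the one Bernard makes: the method only ever sees bytes, so the same code serves 802.11, wired 802.1X and PPP, and a NAS that advertises one identity to the peer but reports another to the AAA server is caught.

```python
"""
Toy model of EAP channel binding via an opaque lower-layer identifier.

Assumptions (illustrative only, not any real EAP method or wire format):
- the EAP method on the peer and the AAA server share a key derived during
  the method run (here a fixed example key);
- the media-specific lower layer hands the method an opaque byte string;
- the NAS/authenticator independently reports its Called-Station-Id to the
  AAA server in the AAA request (as a RADIUS NAS would).
The EAP method never parses the identifier; it just carries and MICs it.
"""
import hashlib
import hmac
from dataclasses import dataclass


@dataclass
class AAARequest:
    nas_called_station_id: bytes  # what the NAS claims in the AAA request
    blob: bytes                   # opaque identifier carried inside the EAP method
    mic: bytes                    # method-keyed integrity check over the blob


def lower_layer_identifier(media: str, params: dict) -> bytes:
    """The media-aware layer builds the identifier; formats are constructed
    for this example (BSSID:SSID for 802.11, port MAC for wired 802.1X,
    dialed number for PPP). The EAP method only receives the bytes."""
    if media == "802.11":
        return f"{params['bssid']}:{params['ssid']}".encode()
    if media == "802.3":
        return params["port_mac"].encode()
    if media == "ppp":
        return params["called_number"].encode()
    raise ValueError(f"unknown media {media!r}")


def peer_channel_binding(method_key: bytes, blob: bytes) -> tuple[bytes, bytes]:
    """Peer side of the method: bind the opaque blob to the authenticated
    exchange with a MIC under the method-derived key (stand-in for sending
    it inside the method's protected channel)."""
    mic = hmac.new(method_key, b"channel-binding|" + blob, hashlib.sha256).digest()
    return blob, mic


def aaa_verify(method_key: bytes, req: AAARequest) -> bool:
    """AAA server side: first confirm the peer really produced this blob
    (MIC check), then compare it with the identity the NAS reported out of
    band. A mismatch means the authenticator lied to one of the two sides.
    Both comparisons are constant-time."""
    expected = hmac.new(method_key, b"channel-binding|" + req.blob,
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, req.mic):
        return False
    return hmac.compare_digest(req.blob, req.nas_called_station_id)


def run_exchange(media: str, params: dict, nas_claim: bytes,
                 method_key: bytes = b"example-method-key") -> bool:
    """Whole flow: lower layer -> peer method -> AAA server decision."""
    blob = lower_layer_identifier(media, params)
    blob, mic = peer_channel_binding(method_key, blob)
    return aaa_verify(method_key, AAARequest(nas_claim, blob, mic))


if __name__ == "__main__":
    ap = {"bssid": "00-11-22-33-44-55", "ssid": "corpnet"}  # constructed values
    print("honest AP   :", run_exchange("802.11", ap, b"00-11-22-33-44-55:corpnet"))
    print("lying NAS   :", run_exchange("802.11", ap, b"66-77-88-99-aa-bb:corpnet"))
    print("PPP, same code:", run_exchange("ppp", {"called_number": "+15555550100"},
                                          b"+15555550100"))
```

The media-specific knowledge lives entirely in `lower_layer_identifier`; nothing in the method or AAA functions changes between media, which is what keeps the method media-independent while still providing the binding. The open question in the thread, how the method obtains the blob in the first place, is exactly the call from the method into that lower-layer function: an implementation interface, not a protocol change.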