eap Mailing List: channel binding

[Yoshihiro Ohba (yohba727]

Hi Joe,

On Fri, Aug 05, 2005 at 02:33:18AM -0700, Salowey, Joe wrote:
>  
>
> > -----Original Message-----
> > From: Jari Arkko [mailto:jari.arkko [at] piuha.net] 
> > Sent: Friday, August 05, 2005 1:59 AM
> > To: eap [at] frascone.com
> > Cc: Yoshihiro Ohba
> > Subject: [eap] channel binding
> > 
> > Forwarding bounced message to the list:
> > 
> > >Subject: channel binding
> > >User-Agent: Mutt/1.5.9i
> > >
> > >In the IETF63 EAP meeting, I think there was a consensus 
> > that the new 
> > >channel binding scheme described in 
> > >draft-ohba-eap-aaakey-binding-00.txt will not be included in the EAP 
> > >keying framework draft.  But I would like to confirm if it is OK to 
> > >describe the scheme to be described in a separate document as an 
> > >extension to the keying framework.
> > >
> > >As Hannes mentioned in the meeting, we need an answer for it 
> > as soon as 
> > >possible because EAP-IKEv2 (I am a co-author of it) has its 
> > own channel 
> > >binding functionality and I think that if the new channel binding 
> > >scheme is accepted as an extension, we can remove the 
> > channel binding 
> > >functionality from EAP-IKEv2 to make it much simpler and rely on the 
> > >new channel binding scheme instead.
> > >
>
> [Joe] I don't think it would be a good idea to remove "channel bindings"
> from EAP-IKEv2 itself.  Performing this functionality in the method is
> different than doing it in the key derivation.  For example there are
> uses of EAP where EAP derived keys are not used and therefore any sort
> of binding in the key derivation would be useless.

I don't understand this, as we are not discussing the case where EAP
derived keys are not used.

Yoshihiro Ohba