Re: RE: channel binding
From: Yoshihiro Ohba (yohbatari.toshiba.com)
Date: Wed, 17 Aug 2005 18:22:43 -0400 (EDT)
On Tue, Aug 16, 2005 at 02:06:47PM -0400, Charles Clancy wrote:
> On Fri, 12 Aug 2005, Salowey, Joe wrote:
> 
> >>OK.  I think we are reaching some agreement on (please correct if I'm 
> >>wrong):
> >>
> >>- Channel binding mechanism in EAP-IKEv2 should not be removed (but 
> >>needs some modification to carry a blob in order to avoid the IANA 
> >>assignment issue.)
> >>
> >>- Key-derivation based channel binding solution should be specified as 
> >>an extension to EAP keying framework.
> >>
> >
> >[Joe] Yes, I think this is a good approach.
> 
> I concur.  I'm planning to add channel binding support to EAP-PAX.

I think whichever way channel parameters are carried as a blob (i.e.,
carried in EAP methods like EAP-IKEv2 and EAP-PAX, or carried in a AAA
protocol as a key-binding-blob), the blob should have the same
media-specific structure defined by each media (e.g., PANA, IKEv2,
IEEE 802.11i, IKEv2, etc.).

Suppose that media X defines a blob structure S and that media X is
used between a peer and an authenticator.  When the key-derivation
based mechanism is used for providing channel binding, a
key-binding-blob has structure S.  When an EAP-method based mechanism
is used, a blob carried in an EAP method has the same structure S.

This means that each media has the responsibility of defining
media-specific blob structure regardless of solutions.

Yoshihiro Ohba


> 
> In a perfect world, I think it should be done within EAP itself. 
> However, I think implementation changes make this unrealistic for 
> deployment in the foreseeable future.  Consequently, methods should 
> continue providing this functionality until it can be moved to a more 
> appropriate place.
> 
> [ t. charles clancy ]--[ tcc [at] umd.edu ]--[ www.cs.umd.edu/~clancy ]
> [ computer science ]-----[ university of maryland | college park ]
> _______________________________________________
> eap mailing list
> eap [at] frascone.com
> http://mail.frascone.com/mailman/listinfo/eap
> 
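
Added example, not part of the message above or of any EAP specification: one encoding of a media-defined structure S reused unchanged as the key-binding-blob (key-derivation based mechanism) and as the blob carried inside an EAP method. The TLV layout, type codes, HMAC-SHA256 derivation, label, and sample values are all assumptions made for illustration.

```python
import hashlib, hmac, struct

# Assumed structure S for a hypothetical media "X": TLVs (1-byte type,
# 2-byte big-endian length, value) emitted in ascending type order, so both
# ends serialise the same parameters to identical bytes.
T_NETWORK_NAME, T_AUTHENTICATOR_ID = 1, 2  # assumed type codes

def encode_blob(params):
    return b"".join(struct.pack("!BH", t, len(params[t])) + params[t]
                    for t in sorted(params))

def decode_blob(blob):
    params, i = {}, 0
    while i < len(blob):
        if len(blob) - i < 3:
            raise ValueError("truncated TLV header")
        t, n = struct.unpack_from("!BH", blob, i)
        i += 3
        if len(blob) - i < n or t in params:
            raise ValueError("truncated value or duplicate type")
        params[t] = blob[i:i + n]
        i += n
    return params

def bound_key(msk, key_binding_blob):
    # Key-derivation based mechanism: the blob is mixed into the derived key,
    # so ends that disagree on the channel parameters get different keys.
    # HMAC-SHA256 and the label stand in for whatever KDF gets specified.
    return hmac.new(msk, b"channel-binding\x00" + key_binding_blob,
                    hashlib.sha256).digest()

def method_check(integrity_key, blob, tag, reported_by_authenticator):
    # EAP-method based mechanism: the peer's blob arrives integrity-protected
    # inside the method; the server compares it with the parameters the
    # authenticator reported over AAA.
    expected = hmac.new(integrity_key, blob, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return False
    return decode_blob(blob) == reported_by_authenticator

# Constructed sample values (not from the thread).
MSK = bytes(range(64))
PEER_VIEW = {T_NETWORK_NAME: b"corp-net", T_AUTHENTICATOR_ID: b"ap-17"}
MISMATCHED_VIEW = {T_NETWORK_NAME: b"corp-net", T_AUTHENTICATOR_ID: b"ap-99"}
BLOB = encode_blob(PEER_VIEW)  # one encoding of S, reused by both mechanisms
TAG = hmac.new(MSK[:32], BLOB, hashlib.sha256).digest()

if __name__ == "__main__":
    print(bound_key(MSK, BLOB) != bound_key(MSK, encode_blob(MISMATCHED_VIEW)))
    print(method_check(MSK[:32], BLOB, TAG, PEER_VIEW))
```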
