Re: Channel binding consensus call

From: Bernard Aboba (aboba
Date: Thu, 25 Aug 2005 12:18:00 -0400 (EDT)

So here are the questions:

>1. Should we take on a WG work item, a specification
>   of a solution/protocol that provides channel bindings?

Although interest in Channel Bindings has been increasing recently, I don't think that we are at the point where we can choose a single solution/protocol.

>2. Is this solution something that should go to
>   keying framework, as "the" mechanism to be
>   used by everyone, or is it an independent
>   extension? Result from Paris, at least as far
>   as Yoshi's scheme goes, was "independent
>   extension".

I think that the keying framework does need to talk about how Channel Bindings fit within the architecture, but I don't think it needs to recommend a particular solution. In my view, Yoshi's scheme does not represent an extension to the EAP Key Management Framework, since it is compatible with the existing document and mainly requires documentation of the lower layer and AAA behavior, not changes to EAP method behavior, or new modes of EAP key management.

>3. Should the solution be unified in some sense
>   across different types of EAP usage or should
>   we pursue multiple approaches? An example
>   of multiple approaches would be leaving it
>   to individual method writers without coordination,
>   different mechanisms for different link layers,
>   or developing both method and aaa-key based
>   mechanisms.

I don't think it is required that all EAP methods handle Channel Bindings the exact same way, although some general architecture principles probably need to be established.

One of the major architectural principles at stake here is whether AAA servers implementing EAP will remain media independent going forward. Today we do have media independence in AAA, so that implementations of RFC 3579/4072 can be used with PPP, 802.11, IKEv2, etc. Having AAA servers compute different roots of the key hierarchy depending on the media is a fairly major change, so we need to think the implications through.