RE: channel binding
From: Salowey, Joe (jsaloweycisco.com)
Date: Mon, 29 Aug 2005 13:09:42 -0400 (EDT)
I don't think confidentiality is strictly necessary if one is
transmitting a MAC of a blob of data (type 1).  In GSS-API, channel
bindings explicitly state that the underlying mechanism may not provide
confidentiality, so applications must take this into consideration when
providing channel binding data.

If type 2 channel bindings are in use, where data must be available on
the other side, confidentiality is more of a consideration.

Joe 

 

> -----Original Message-----
> From: Charles Clancy [mailto:clancy [at] cs.umd.edu] 
> Sent: Monday, August 29, 2005 9:58 AM
> To: eap [at] frascone.com
> Subject: [eap] channel binding
> 
> Channel binding transmits channel parameters between the EAP 
> client and EAP server in some protected way.  When done by 
> methods, it seems the general approach is to encrypt it (PSK, 
> TTLS, etc), guaranteeing authenticity.  Is there any reason 
> why a MAC over the blob would be insufficient?  Is 
> confidentiality required for some reason?
> 
> I'm working on defining a protected channel in EAP-PAX for 
> communicating channel binding info, and I'd like to avoid 
> defining a symmetric-key encryption ciphersuite, as PAX is 
> based on MACs.
> 
> [ t. charles clancy ]--[ tcc [at] umd.edu ]--[ 
> www.cs.umd.edu/~clancy ] [ computer science ]-----[ 
> university of maryland | college park ]

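The two cases distinguished in the reply, as an added example that is not part of either message and is not EAP-PAX's or GSS-API's wire format: in the first only a MAC of the channel parameters is sent, in the second the parameters travel alongside their MAC and are readable by an observer. Assumptions: HMAC-SHA-256 as the MAC, a pre-shared integrity key, and hypothetical parameter names, encoding and function names.

```python
import hashlib
import hmac

# Constructed sample data: stands in for an integrity key the EAP method has
# already derived on both sides (assumption, not EAP-PAX's key hierarchy).
INTEGRITY_KEY = bytes(range(32))
PEER_VIEW = {"nas-id": "ap-lobby-01", "ssid": "corp-wlan"}  # constructed

def encode_params(params):
    """Canonical length-prefixed encoding so both sides MAC identical bytes."""
    out = bytearray()
    for name in sorted(params):
        for field in (name.encode(), params[name].encode()):
            out += len(field).to_bytes(2, "big") + field
    return bytes(out)

def tag(key, blob):
    """HMAC-SHA-256 over the encoded channel parameters."""
    return hmac.new(key, blob, hashlib.sha256).digest()

def verify_type1(key, server_view, received_tag):
    """Only the tag crosses the wire; the server MACs its own view."""
    expected = tag(key, encode_params(server_view))
    return hmac.compare_digest(expected, received_tag)

def verify_type2(key, blob, received_tag, server_view):
    """Blob and tag both cross the wire; authenticate first, then compare."""
    if not hmac.compare_digest(tag(key, blob), received_tag):
        return False  # blob altered in transit, or wrong key
    return blob == encode_params(server_view)

if __name__ == "__main__":
    blob = encode_params(PEER_VIEW)
    t = tag(INTEGRITY_KEY, blob)
    other_view = dict(PEER_VIEW, ssid="guest-wlan")  # server was told otherwise
    print("type 1, views agree:  ", verify_type1(INTEGRITY_KEY, PEER_VIEW, t))
    print("type 1, views differ: ", verify_type1(INTEGRITY_KEY, other_view, t))
    print("type 2, intact blob:  ", verify_type2(INTEGRITY_KEY, blob, t, PEER_VIEW))
    altered = blob.replace(b"corp-wlan", b"CORP-wlan")
    print("type 2, altered blob: ", verify_type2(INTEGRITY_KEY, altered, t, PEER_VIEW))
    print("type 2, blob readable on the wire:", b"corp-wlan" in blob)
```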