Re: channel binding

From: Jari Arkko (jari.arkko
Date: Mon, 29 Aug 2005 13:42:55 -0400 (EDT)

Salowey, Joe wrote:

> I don't think confidentiality is strictly necessary if one is
> transmitting a MAC of a blob of data (type 1). In GSS-API channel
> bindings explicitly state that the underlying mechanism may not provide
> confidentiality so applications must take this into consideration when
> providing channel binding data.

Yes.

> If type 2 channel bindings are in use where data must be available on
> the other side confidentiality is more of a consideration.

This would depend on the type of data being communicated. Type of service, identities of parties would be visible in the EAP exchange. Whether that's a problem depends on many things, including what the lower layer (both aaa and l2) does. Let's say that a future l2 has some kind of support for hiding some of the identities involved in a network attachment. Now, if it also protects the EAP exchange then it doesn't matter if channel bindings are not encrypted. But if it doesn't protect EAP, then secure information from l2 may leak out via EAP.

Also, if we develop channel bindings capability for a parameter set now, we don't know what it will be used later for.
--Jari