Re: channel binding
From: Yoshihiro Ohba (yohbatari.toshiba.com)
Date: Mon, 29 Aug 2005 15:01:07 -0400 (EDT)
On Mon, Aug 29, 2005 at 12:57:38PM -0400, Charles Clancy wrote:
> Channel binding transmits channel parameters between the EAP client and 
> EAP server in some protected way.  When done by methods, it seems the 
> general approach is to encrypt it (PSK, TTLS, etc), guaranteeing 
> authenticity.  Is there any reason why a MAC over the blob would be 
> insufficient?  Is confidentiality required for some reason?

This is an interesting issue.  

I am not sure whether confidentiality is required for channel
parameters or not for existing lower layers.  But a solution that does
not necessarily require exposing channel parameters when exchanged
between peer and authenticator is certainly preferable, as I don't
think we can determine at this moment whether all lower layers
(including existing and future ones) do not require confidentiality.

Regarding carrying a MAC of a blob instead of a blob itself, I think
we need more analysis.  If a blob is a mixture of confidential and
non-confidential parameters, can't the non-confidential parameters and
the MAC become a hint to find out the confidential ones?

Yoshihiro Ohba

> 
> I'm working on defining a protected channel in EAP-PAX for communicating 
> channel binding info, and I'd like to avoid defining a symmetric-key 
> encryption ciphersuite, as PAX is based on MACs.
> 
> [ t. charles clancy ]--[ tcc [at] umd.edu ]--[ www.cs.umd.edu/~clancy ]
> [ computer science ]-----[ university of maryland | college park ]
> 
> _______________________________________________
> eap mailing list
> eap [at] frascone.com
> http://mail.frascone.com/mailman/listinfo/eap
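An added example, not part of the thread and not code from EAP-PAX or any other EAP method, that models the two properties under discussion: a keyed MAC over a channel-binding blob gives authenticity and integrity, and a blob mixing public and low-entropy confidential parameters can have the confidential part recovered by guessing whenever the observer can recompute the tag (an unkeyed digest, or a holder of the MAC key), but not by an outsider who lacks the key. The blob encoding, parameter names and values are constructed for illustration; only Python's standard library is used.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Iterable, Optional


def encode_blob(params: Dict[str, str]) -> bytes:
    """Constructed, hypothetical encoding of a channel-binding blob: sorted
    key=value pairs.  It stands in for whatever a method defines; the only
    property used here is that it is deterministic."""
    return ";".join(f"{k}={v}" for k, v in sorted(params.items())).encode()


def mac_blob(key: bytes, params: Dict[str, str]) -> bytes:
    """Keyed MAC (HMAC-SHA256) over the encoded blob: authenticity/integrity,
    no confidentiality if the parameters themselves are sent in the clear."""
    return hmac.new(key, encode_blob(params), hashlib.sha256).digest()


def verify_blob(key: bytes, params: Dict[str, str], tag: bytes) -> bool:
    """Constant-time check of a received tag against the received parameters."""
    return hmac.compare_digest(mac_blob(key, params), tag)


def digest_blob(params: Dict[str, str]) -> bytes:
    """Unkeyed digest over the blob; the weak alternative, shown for contrast."""
    return hashlib.sha256(encode_blob(params)).digest()


def recover_hidden_field(public: Dict[str, str], field: str,
                         candidates: Iterable[str], tag: bytes,
                         key: Optional[bytes]) -> Optional[str]:
    """Model an observer who sees the public parameters and the tag and tries
    every candidate value for one hidden field.  key=None models an unkeyed
    digest; otherwise the observer recomputes the HMAC under the key it holds
    (the real key if it is a party to it, a random wrong key otherwise)."""
    for cand in candidates:
        trial = dict(public, **{field: cand})
        trial_tag = digest_blob(trial) if key is None else mac_blob(key, trial)
        if hmac.compare_digest(trial_tag, tag):
            return cand
    return None


def demo() -> Dict[str, object]:
    # Constructed sample: two parameters an observer of the link already
    # knows, plus one low-entropy parameter treated as confidential.
    public = {"ssid": "example-net", "bssid": "00:11:22:33:44:55"}
    hidden = {"vlan": "042"}
    full = {**public, **hidden}
    candidates = [f"{i:03d}" for i in range(1000)]  # 1000 possible VLAN ids
    key = secrets.token_bytes(32)  # shared only by peer and EAP server

    tag = mac_blob(key, full)
    tampered = {**full, "vlan": "007"}
    return {
        "verify_ok": verify_blob(key, full, tag),
        "tamper_detected": not verify_blob(key, tampered, tag),
        # Unkeyed digest: public fields plus digest reveal the hidden field.
        "unkeyed_digest_leaks": recover_hidden_field(
            public, "vlan", candidates, digest_blob(full), None),
        # Keyed MAC, observer without the key: guesses cannot be checked.
        "outsider_without_key": recover_hidden_field(
            public, "vlan", candidates, tag, secrets.token_bytes(32)),
        # Keyed MAC, observer holding the key: guesses can be checked again.
        "holder_of_key": recover_hidden_field(
            public, "vlan", candidates, tag, key),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The design point is the split between the two parties: HMAC under a key known only to peer and EAP server protects the blob's integrity and gives an outsider nothing to test guesses against, so the leakage concern reduces to who holds the MAC key and to whether the parameters travel in the clear at all; hiding them from everyone on the path still needs encryption, which a MAC alone does not provide.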
