RE: channel binding
From: Salowey, Joe (jsalowey |
Date: Tue, 30 Aug 2005 17:49:41 -0400 (EDT)

> -----Original Message-----
> From: Yoshihiro Ohba [mailto:yohba [at] tari.toshiba.com]
> Sent: Monday, August 29, 2005 11:06 AM
> To: Charles Clancy
> Cc: eap [at] frascone.com
> Subject: Re: [eap] channel binding
>
> On Mon, Aug 29, 2005 at 12:57:38PM -0400, Charles Clancy wrote:
> > Channel binding transmits channel parameters between the EAP client
> > and EAP server in some protected way. When done by methods, it seems
> > the general approach is to encrypt it (PSK, TTLS, etc), guaranteeing
> > authenticity. Is there any reason why a MAC over the blob would be
> > insufficient? Is confidentiality required for some reason?
>
> This is an interesting issue.
>
> I am not sure whether confidentiality is required for channel
> parameters or not for existing lower layers. But a solution
> that does not necessarily require exposing channel parameters
> when exchanged between peer and authenticator is certainly
> preferable, as I don't think we can determine at this moment
> whether all lower layers (including existing and future ones)
> do not require confidentiality.
>
> Regarding carrying a MAC of a blob instead of a blob itself,
> I think we need more analysis. If a blob is a mixture of
> confidential and non-confidential parameters, can't the
> non-confidential parameters and the MAC become a hint to
> find out the confidential ones?
>

[Joe] Maybe, I don't think that a MAC necessarily has the properties of a
pseudo-random function so some information may leak into the MAC value.
I'm not sure how close to a PRF something like HMAC is.

> Yoshihiro Ohba
>
> >
> > I'm working on defining a protected channel in EAP-PAX for
> > communicating channel binding info, and I'd like to avoid defining a
> > symmetric-key encryption ciphersuite, as PAX is based on MACs.
> >
> > [ t. charles clancy ]--[ tcc [at] umd.edu ]--[ www.cs.umd.edu/~clancy ]
> > [ computer science ]-----[ university of maryland | college park ]
> >
> > _______________________________________________
> > eap mailing list
> > eap [at] frascone.com
> > http://mail.frascone.com/mailman/listinfo/eap
> _______________________________________________
> eap mailing list
> eap [at] frascone.com
> http://mail.frascone.com/mailman/listinfo/eap
>
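
Added illustration, not part of the original thread and not EAP-PAX's construction: unforgeability alone does not imply confidentiality of the MACed blob. The `leaky_tag` scheme, the blob layout (confidential field first) and all keys and parameter values are constructed assumptions for this example.

```python
import hashlib
import hmac

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes

def make_blob(confidential: bytes, public: bytes) -> bytes:
    # Constructed layout: confidential field first, then the public field.
    return confidential + public

def hmac_tag(key: bytes, blob: bytes) -> bytes:
    return hmac.new(key, blob, hashlib.sha256).digest()

def leaky_tag(key: bytes, blob: bytes) -> bytes:
    # Contrived MAC: the HMAC tag plus the blob's first byte in the clear.
    # Any forgery against it yields an HMAC forgery, so integrity holds,
    # yet every tag discloses one byte of the confidential field.
    return hmac_tag(key, blob) + blob[:1]

def leaky_verify(key: bytes, blob: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(leaky_tag(key, blob), tag)

def observer_learns(tag: bytes) -> bytes:
    # What an eavesdropper without the key reads out of a leaky tag.
    return tag[TAG_LEN:]

def demo() -> dict:
    key = bytes(range(32))                    # constructed key
    public = b"ssid=lab-net"                  # constructed public parameter
    blob_a = make_blob(b"\x2a\x01", public)   # constructed confidential value
    blob_b = make_blob(b"\x2a\x02", public)
    tag_a = leaky_tag(key, blob_a)
    return {
        "accepts_genuine": leaky_verify(key, blob_a, tag_a),
        "accepts_tampered": leaky_verify(key, blob_b, tag_a),
        "leaked": observer_learns(tag_a),
        # A deterministic MAC also shows when two blobs are identical
        # under the same key, with no appended byte needed.
        "repeat_visible": hmac_tag(key, blob_a) == hmac_tag(key, blob_a),
        "distinct_differ": hmac_tag(key, blob_a) != hmac_tag(key, blob_b),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

If the parameters need confidentiality, the design has to provide it separately; a MAC's security definition promises only that tags cannot be forged.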