RE: channel binding
From: Salowey, Joe (jsaloweycisco.com)
Date: Thu, 1 Sep 2005 00:07:41 -0400 (EDT)
 

> > [Joe] If you were going to carry just a blob then you would probably
> > carry a hash instead of a MAC, the MAC above is keyed with key
> > material within the EAP method.  I'm not sure that carrying a hash of
> > parameters in RADIUS is sufficient or necessary.  It is probably not
> > sufficient because you may need to validate the contents of the
> > bindings asserted by the authenticator in the AAA hosting the EAP
> > server to avoid the problem you discuss above.  It may not be necessary
> > since you need to have information associated with the authenticator
> > on the AAA that is hosting the EAP server to validate the asserted
> > binding by the authenticator.  If the information is not variable then
> > you don't have to transmit it.  If it is then you probably have to
> > transmit it so it can be verified.
> 
> The draft-ohba-eap-aaakey-binding-01 draft assumes that a 
> blob carries static information only.  Thus it is possible 
> for the AAA server to have the information to validate the 
> blob itself or a hash of the blob.  If this is the case, 
> carrying a hash of parameters in RADIUS is sufficient.

[Joe] It is sufficient in the case when there is no variability in what
the authenticator will send.  In this case why send it at all?  If there
is variability in what the authenticator will send then it may not be
straightforward to validate what the authenticator sends if it is just
a hash value.