Re: channel binding
From: Yoshihiro Ohba (yohbatari.toshiba.com)
Date: Thu, 1 Sep 2005 00:17:13 -0400 (EDT)
On Wed, Aug 31, 2005 at 09:12:28PM -0700, Salowey, Joe wrote:
> > 
> > The draft-ohba-eap-aaakey-binding-01 draft assumes that a 
> > blob carries static information only.  Thus it is possible 
> > for the AAA server to have the information to validate the 
> > blob itself or a hash of the blob.  If this is the case, 
> > carrying a hash of parameters in RADIUS is sufficient.
> 
> [Joe] It is sufficient in the case when there is no variability in what
> the authenticator will send.  In this case why send it at all?  

Good point.  If the authenticator sends it, the AAA server does not
need to have the information pre-configured (i.e., ease of
management).  Of course this works only when the authenticator is
fully trusted by the server.

> If there
> is variability in what the authenticator will send then it may not be
> straightforward to validate what the authenticator sends if it is just
> a hash value.  

Yes, this would be true.  On the other hand,
draft-ohba-eap-aaakey-binding-01 does not assume the variability.

Yoshihiro Ohba
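
The trade-off discussed in this message, as an added example that is not part of the original post or of draft-ohba-eap-aaakey-binding-01: a hash-only check succeeds only when the server already holds the exact static blob, while a full blob lets the server apply policy to fields that vary. The field names, the `key=value` encoding, the SHA-256 choice and the `PROVISIONED` / `VARIABLE_POLICY` tables are all constructed assumptions.

```python
import hashlib
import hmac

def encode_blob(params):
    # Constructed canonical encoding (not the draft's format): sorted key=value lines.
    return b"\n".join(f"{k}={v}".encode() for k, v in sorted(params.items()))

def blob_hash(params):
    return hashlib.sha256(encode_blob(params)).digest()

# Constructed sample data: static parameters the AAA server has pre-configured.
PROVISIONED = {"nas-1": {"nas-id": "nas-1", "ssid": "corp"}}

# Constructed policy for fields that may legitimately vary per session.
VARIABLE_POLICY = {"channel": lambda v: v.isdigit() and 1 <= int(v) <= 13}

def validate_hash(auth_id, received_hash):
    """Hash-only validation: works only if the blob is fully static and known."""
    expected = PROVISIONED.get(auth_id)
    if expected is None:
        return False
    return hmac.compare_digest(blob_hash(expected), received_hash)

def validate_blob(auth_id, received):
    """Full-blob validation: returns the list of offending fields (empty = accept)."""
    expected = PROVISIONED.get(auth_id)
    if expected is None:
        return ["unknown authenticator"]
    # Static fields must match the provisioned values exactly.
    problems = [k for k, v in expected.items() if received.get(k) != v]
    # Any other field must be covered by, and pass, the variability policy.
    for k, v in received.items():
        if k not in expected:
            check = VARIABLE_POLICY.get(k)
            if check is None or not check(v):
                problems.append(k)
    return problems

if __name__ == "__main__":
    static = {"nas-id": "nas-1", "ssid": "corp"}
    varying = dict(static, channel="6")
    print("static, hash check:  ", validate_hash("nas-1", blob_hash(static)))
    print("varying, hash check: ", validate_hash("nas-1", blob_hash(varying)))
    print("varying, blob check: ", validate_blob("nas-1", varying))
```

With only the hash, a legitimate variable field and a tampered static field are indistinguishable mismatches; with the blob, the server can tell them apart.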
