| Re: issue 325 - channel bindings | <– Date –> <– Thread –> |
From: Mohan Parthasarathy (mohanp sbcglobal.net)
|
|
| Date: Mon, 6 Mar 2006 20:43:35 -0800 (PST) | |
> It may be too late to make comment on this, but if we agree on only > the server has the knowledge of the Channel Binding values, I really > don't see any value on carrying Channel Bindings over EAP methods > compared to the other method of using the Channel Bindings for key > derivation. Please correct if my view is wrong. > Yes, i miss the value in just the server and peer checking for consitency in values. Unless the server can check the values against a pre-configured database, channel bindings is of little use. Or if there is some use, someone should explain what it is. -mohan > Yoshihiro Ohba > > > On Mon, Mar 06, 2006 at 04:01:51AM -0800, Bernard Aboba wrote: > > How about this? > > > > "Channel Bindings include lower layer parameters that > > are verified for consistency between the EAP peer and server. > > In order to avoid introducing media dependencies, EAP > > methods that transport Channel Binding data MUST treat this > > data as opaque octets. > > > > Typically the EAP method imports Channel Bindings from the > > lower layer on the peer, and transmits them securely to the > > EAP server, which exports them to the lower layer or AAA layer. However, > > transport may occur from EAP server to peer, or may be > > bi-directional. On the side of the exchange (peer or server) > > where Channel Bindings are verified, the lower layer or AAA layer passes > > the result of the verification (TRUE or FALSE) up to the > > EAP method. > > > > While the verification can be done either by the peer > > or the server, typically only the server has the knowledge to > > determine the correctness of the values, as opposed to merely > > verifying their equality." > > > > > > _________________________________________________________________ > > To unsubscribe or modify your subscription options, please visit: > > http://lists.frascone.com/mailman/listinfo/eap > > > > Arhives: http://lists.frascone.com/pipermail/eap > > > _________________________________________________________________ > To unsubscribe or modify your subscription options, please visit: > http://lists.frascone.com/mailman/listinfo/eap > > Arhives: http://lists.frascone.com/pipermail/eap
- Re: issue 325 - channel bindings, (continued)
-
Re: issue 325 - channel bindings Jari Arkko, March 6 2006
- Re: issue 325 - channel bindings Bernard Aboba, March 6 2006
- Re: issue 325 - channel bindings Jari Arkko, March 6 2006
- Re: issue 325 - channel bindings Yoshihiro Ohba, March 6 2006
- Re: issue 325 - channel bindings Mohan Parthasarathy, March 6 2006
-
Re: issue 325 - channel bindings Jari Arkko, March 6 2006
Results generated by Tiger Technologies using MHonArc.