eap-keying: channel binding issue

From: Yoshihiro Ohba (yohba
Date: Mon, 24 Apr 2006 22:41:11 -0700 (PDT)

Issue: Channel Binding
Submitter name: Yoshihiro Ohba
Submitter email address: yohba [at] tari.toshiba.com
Date Submitted: April 25, 2006
Reference:
Document: Keying-12
Comment type: T
Priority: 1
Section: 5.11

Rationale/Explanation of issue:

Reference [I-D.draft-ohba-eap-aaakey-binding] should be obsoleted by its successor, i.e., [I-D.draft-ohba-eap-channel-binding], which provides a more generic, complete and extensible way of channel binding. Note that pre-configuration of the parameter set on the AS is an important property to achieve Channel Binding in 3-party key management.

Change:

"It is also possible to achieve Channel Bindings without transporting data over EAP. For example, see [I-D.draft-ohba-eap-aaakey-binding]. In this approach the authenticator informs the backend server about the Channel Binding parameters using AAA, and the backend server calculates transported keying material based on this parameter set, making it impossible for the peer and authenticator to complete the Secure Association Protocol if there was a mismatch in the parameters."

to:

"It is also possible to achieve Channel Bindings without transporting data over EAP. For example, see [I-D.draft-ohba-eap-channel-binding]. In this approach the backend server calculates transported keying material based on the parameter set pre-configured for the authenticator, making it impossible for the peer and authenticator to complete the Secure Association Protocol if there was a mismatch in the parameters."
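
Added illustration, not part of the original message and not taken from either draft: a minimal Python sketch of the property the proposed text describes, where the backend server derives the transported key from the parameter set pre-configured for the authenticator, so a peer that was shown different parameters cannot complete the key-confirmation step. The HMAC-SHA256 derivation, the labels, the parameter names, the assumption that the peer learns the parameters from the authenticator's lower-layer advertisement, and all sample values are constructed for this example.

```python
import hashlib
import hmac
import os

def canonical_params(params: dict) -> bytes:
    """Deterministic, length-prefixed encoding so both sides hash the same bytes."""
    out = b""
    for name in sorted(params):
        k, v = name.encode(), str(params[name]).encode()
        out += len(k).to_bytes(2, "big") + k + len(v).to_bytes(2, "big") + v
    return out

def derive_transported_key(msk: bytes, params: dict) -> bytes:
    """Assumed KDF: bind the key sent to the authenticator to a parameter set."""
    data = b"channel-binding-demo" + canonical_params(params)
    return hmac.new(msk, data, hashlib.sha256).digest()

def confirm_mic(key: bytes, nonce_a: bytes, nonce_p: bytes) -> bytes:
    """Stand-in for the Secure Association Protocol key-confirmation MIC."""
    return hmac.new(key, b"sap-confirm" + nonce_a + nonce_p, hashlib.sha256).digest()

def secure_association_succeeds(msk: bytes, preconfigured: dict, advertised: dict) -> bool:
    # Backend server: key from the set pre-configured for this authenticator,
    # delivered to the authenticator over AAA.
    authenticator_key = derive_transported_key(msk, preconfigured)
    # Peer: same MSK from EAP, but parameters as advertised at the lower layer.
    peer_key = derive_transported_key(msk, advertised)
    nonce_a, nonce_p = os.urandom(16), os.urandom(16)
    peer_mic = confirm_mic(peer_key, nonce_a, nonce_p)
    expected = confirm_mic(authenticator_key, nonce_a, nonce_p)
    return hmac.compare_digest(peer_mic, expected)

# Constructed sample values.
MSK = bytes(range(64))
PRECONFIGURED = {"nas-id": "ap-17.example.net", "ssid": "corp"}
HONEST_ADVERT = {"ssid": "corp", "nas-id": "ap-17.example.net"}
MISMATCHED_ADVERT = {"nas-id": "ap-17.example.net", "ssid": "corp-guest"}

if __name__ == "__main__":
    print("honest advertisement:", secure_association_succeeds(MSK, PRECONFIGURED, HONEST_ADVERT))
    print("mismatched advertisement:", secure_association_succeeds(MSK, PRECONFIGURED, MISMATCHED_ADVERT))
```
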