RE: Re: issue 357: Channel Binding Definition
From: Narayanan, Vidya (vidyan [at] qualcomm.com)
Date: Tue, 2 May 2006 12:07:08 -0700 (PDT)
Minor clarification: 

"Channel Binding

A *secure* mechanism for ensuring the correctness of channel properties
(such as endpoint identifiers) provided to the EAP peer, authenticator
and server. "

The word secure is to imply that if this data is in fact sent as a blob
between the peer and server, it must be integrity protected. 

Vidya

> -----Original Message-----
> From: Bernard Aboba [mailto:bernard_aboba [at] hotmail.com] 
> Sent: Tuesday, May 02, 2006 7:11 AM
> To: eap [at] frascone.com
> Subject: [eap] Re: issue 357: Channel Binding Definition
> 
> As Yoshi has pointed out, it may be possible to handle 
> channel bindings by mixing keys so that comparison may not be 
> required.  How about this?
> 
> "Channel Binding
> 
> A mechanism for ensuring the correctness of channel 
> properties (such as endpoint identifiers) provided to the EAP 
> peer, authenticator and server. "
> 
> -----------------------------------------------------------
> Issue 357: Channel Binding Definition
> Submitter name: Vidya Narayanan
> Submitter email address: vidyan [at] qualcomm.com
> Date Submitted: May 1, 2006
> Reference: http://lists.frascone.com/pipermail/eap/msg04227.html
> Document: KEYING-12
> Comment type: 'T'echnical
> Priority: '1' Should fix
> Section: 1.2
> Rationale/Explanation of issue:
> 
> The document defines channel binding
> as a communication within an EAP method - this seems a bit 
> restrictive, given that channel binding information could be 
> carried out-of-band as well. The only requirement is that the 
> information be integrity protected between the peer and server.
> 
> Requested change:
> Change wording to:
> 
> "The communication of integrity-protected channel properties 
> such as endpoint identifiers which can be compared to values 
> communicated via out of band mechanisms (such as via a AAA or 
> lower layer protocol)."
> 
> 
