eap Mailing List: Re: Re: Issue 352: Channel Binding Issue

[Bernard Aboba (bernard_aboba]

Right.  The method just outputs the MSK/EMSK.  As long as the same MSK is 
outputted on both the EAP peer and server, the authenticator doesn't need to 
know what channel bindings were mixed in.


> From: Yoshihiro Ohba <yohba [at] tari.toshiba.com>
> To: "Salowey, Joe" <jsalowey [at] cisco.com>
> CC: Bernard Aboba <bernard_aboba [at] hotmail.com>, yohba [at] tari.toshiba.com,      
>   eap [at] frascone.com
> Subject: Re: [eap] Re: Issue 352: Channel Binding Issue
> Date: Tue, 02 May 2006 18:55:29 -0400
>
> On Tue, May 02, 2006 at 03:21:19PM -0700, Salowey, Joe wrote:
> > I'm not sure that carrying "mixed" MSKs in existing attributes is such a
> > good idea,  how does the authenticator know what it is getting?
>
> I don't think the authenticator needs to know whether the received key
> is the MSK or mixed MSK, as long as both the peer and authenticator
> obtains the same key.
>
> Yoshihiro Ohba
>
>
> >
> > > -----Original Message-----
> > > From: Bernard Aboba [mailto:bernard_aboba [at] hotmail.com]
> > > Sent: Tuesday, May 02, 2006 12:27 PM
> > > To: yohba [at] tari.toshiba.com
> > > Cc: eap [at] frascone.com
> > > Subject: Re: [eap] Re: Issue 352: Channel Binding Issue
> > >
> > > >Thank you for reading the document.  And the answer is, if the
> > > >generated "mixed" MSKs are carried in the existing AAA attributes
> > > >instead of carrying the MSKs, then no AAA attributes or communication
> > > >flow is required for EAP keying.
> > >
> > > It might be worth saying a few words about this in the
> > > paragraph.  Overall,
> > > I'm not sure whether the Channel Binding text in the document
> > > is all that
> > > consistent/comprehesive.
> > >
> > >
> > > _________________________________________________________________
> > > To unsubscribe or modify your subscription options, please visit:
> > > http://lists.frascone.com/mailman/listinfo/eap
> > >
> > > Arhives: http://lists.frascone.com/pipermail/eap
> > >
> >
> >