RE: Re: Issue 352: Channel Binding Issue
From: Salowey, Joe (jsalowey [at] cisco.com)
Date: Tue, 2 May 2006 16:15:56 -0700 (PDT)
Hmmm... 

Peer gets MSK from EAP and mixes it with Y to get MSKY.
Authenticator gets mixed MSKY in existing AAA attribute, since this is
an existing attribute it thinks it is just the MSK and mixes it with Y
to get MSKYY.  MSKY and MSKYY don't match.

It seems to me a separate attribute would really be better. 


> -----Original Message-----
> From: Bernard Aboba [mailto:bernard_aboba [at] hotmail.com] 
> Sent: Tuesday, May 02, 2006 3:58 PM
> To: yohba [at] tari.toshiba.com; Salowey, Joe
> Cc: eap [at] frascone.com
> Subject: Re: [eap] Re: Issue 352: Channel Binding Issue
> 
> Right.  The method just outputs the MSK/EMSK.  As long as the same MSK is
> outputted on both the EAP peer and server, the authenticator doesn't need to
> know what channel bindings were mixed in.
> 
> 
> >From: Yoshihiro Ohba <yohba [at] tari.toshiba.com>
> >To: "Salowey, Joe" <jsalowey [at] cisco.com>
> >CC: Bernard Aboba <bernard_aboba [at] hotmail.com>, yohba [at] tari.toshiba.com,
> >   eap [at] frascone.com
> >Subject: Re: [eap] Re: Issue 352: Channel Binding Issue
> >Date: Tue, 02 May 2006 18:55:29 -0400
> >
> >On Tue, May 02, 2006 at 03:21:19PM -0700, Salowey, Joe wrote:
> > > I'm not sure that carrying "mixed" MSKs in existing attributes is such a
> > > good idea,  how does the authenticator know what it is getting?
> >
> >I don't think the authenticator needs to know whether the received key
> >is the MSK or mixed MSK, as long as both the peer and authenticator
> >obtain the same key.
> >
> >Yoshihiro Ohba
> >
> >
> > >
> > > > -----Original Message-----
> > > > From: Bernard Aboba [mailto:bernard_aboba [at] hotmail.com]
> > > > Sent: Tuesday, May 02, 2006 12:27 PM
> > > > To: yohba [at] tari.toshiba.com
> > > > Cc: eap [at] frascone.com
> > > > Subject: Re: [eap] Re: Issue 352: Channel Binding Issue
> > > >
> > > > >Thank you for reading the document.  And the answer is, if the
> > > > >generated "mixed" MSKs are carried in the existing AAA attributes
> > > > >instead of carrying the MSKs, then no AAA attributes or communication
> > > > >flow is required for EAP keying.
> > > >
> > > > It might be worth saying a few words about this in the paragraph.  Overall,
> > > > I'm not sure whether the Channel Binding text in the document is all that
> > > > consistent/comprehensive.
> > > >
> > > >
> > > > 
> _________________________________________________________________
> > > > To unsubscribe or modify your subscription options, 
> please visit:
> > > > http://lists.frascone.com/mailman/listinfo/eap
> > > >
> > > > Arhives: http://lists.frascone.com/pipermail/eap
> > > >
> > >
> > >
> 
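
The two positions in this thread, worked through as an added example that is not part of the original messages: the same mixed key arrives at an authenticator that uses it as-is, at one that mixes Y again, and in a separate attribute. The mixing function (HMAC-SHA256), the attribute names and the sample MSK and Y values are assumptions made for illustration; the thread does not specify any of them.

```python
import hashlib
import hmac

# Hypothetical attribute names; the thread does not name concrete AAA attributes.
EXISTING_ATTR = "existing-msk-attribute"
MIXED_ATTR = "separate-mixed-msk-attribute"

def mix(key: bytes, y: bytes) -> bytes:
    """Stand-in for the mixing step (assumption): HMAC-SHA256 keyed with the MSK over Y."""
    return hmac.new(key, y, hashlib.sha256).digest()

def peer_key(msk: bytes, y: bytes) -> bytes:
    """Peer gets the MSK from EAP and mixes it with Y (MSKY)."""
    return mix(msk, y)

def aaa_send(msk: bytes, y: bytes, separate_attr: bool) -> dict:
    """AAA server sends the mixed key, either in the existing attribute or a new one."""
    return {MIXED_ATTR if separate_attr else EXISTING_ATTR: mix(msk, y)}

def authenticator_key(attrs: dict, y: bytes, mixes_existing: bool) -> bytes:
    """Authenticator derives its key from whatever attribute it received."""
    if MIXED_ATTR in attrs:
        # The attribute itself says the key is already mixed: use it unchanged.
        return attrs[MIXED_ATTR]
    key = attrs[EXISTING_ATTR]
    # The existing attribute carries no indication of whether Y was already mixed in.
    return mix(key, y) if mixes_existing else key

def scenarios() -> dict:
    msk = bytes(range(64))                  # constructed 64-byte sample MSK
    y = b"constructed-channel-binding"      # constructed sample Y
    peer = peer_key(msk, y)
    def match(separate_attr: bool, mixes_existing: bool) -> bool:
        attrs = aaa_send(msk, y, separate_attr)
        return hmac.compare_digest(peer, authenticator_key(attrs, y, mixes_existing))
    return {
        "existing_attr_used_as_is": match(False, False),   # keys agree
        "existing_attr_mixed_again": match(False, True),   # MSKY vs MSKYY
        "separate_attr_mixing_authenticator": match(True, True),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name}: {'match' if ok else 'MISMATCH'}")
```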
