Re: Re: Issue 352: Channel Binding Issue
From: Yoshihiro Ohba (yohba [at] tari.toshiba.com)
Date: Tue, 2 May 2006 16:23:02 -0700 (PDT)
On Tue, May 02, 2006 at 04:23:22PM -0700, Salowey, Joe wrote:
> Hmmm... 
> 
> Peer gets MSK from EAP and mixes it with Y to get MSKY 
> Authenticator gets mixed MSKY in existing AAA attribute, since this is
> an existing attribute it thinks it is just the MSK and mixes it with Y
> to get MSKYY.  MSKY and MSKYY don't match.

There is some misunderstanding.  If the authenticator is supposed to
further mix Y to get MSKYY from MSKY, then the peer is also supposed
to further mix Y to get MSKYY from MSKY.

Yoshihiro Ohba



> 
> It seems to me a separate attribute would really be better. 
> 
> 
> > -----Original Message-----
> > From: Bernard Aboba [mailto:bernard_aboba [at] hotmail.com] 
> > Sent: Tuesday, May 02, 2006 3:58 PM
> > To: yohba [at] tari.toshiba.com; Salowey, Joe
> > Cc: eap [at] frascone.com
> > Subject: Re: [eap] Re: Issue 352: Channel Binding Issue
> > 
> > Right.  The method just outputs the MSK/EMSK.  As long as the 
> > same MSK is 
> > outputted on both the EAP peer and server, the authenticator 
> > doesn't need to 
> > know what channel bindings were mixed in.
> > 
> > 
> > >From: Yoshihiro Ohba <yohba [at] tari.toshiba.com>
> > >To: "Salowey, Joe" <jsalowey [at] cisco.com>
> > >CC: Bernard Aboba <bernard_aboba [at] hotmail.com>, 
> > yohba [at] tari.toshiba.com,      
> > >   eap [at] frascone.com
> > >Subject: Re: [eap] Re: Issue 352: Channel Binding Issue
> > >Date: Tue, 02 May 2006 18:55:29 -0400
> > >
> > >On Tue, May 02, 2006 at 03:21:19PM -0700, Salowey, Joe wrote:
> > > > I'm not sure that carrying "mixed" MSKs in existing 
> > attributes is such a
> > > > good idea,  how does the authenticator know what it is getting?
> > >
> > >I don't think the authenticator needs to know whether the 
> > received key
> > >is the MSK or mixed MSK, as long as both the peer and authenticator
> > >obtain the same key.
> > >
> > >Yoshihiro Ohba
> > >
> > >
> > > >
> > > > > -----Original Message-----
> > > > > From: Bernard Aboba [mailto:bernard_aboba [at] hotmail.com]
> > > > > Sent: Tuesday, May 02, 2006 12:27 PM
> > > > > To: yohba [at] tari.toshiba.com
> > > > > Cc: eap [at] frascone.com
> > > > > Subject: Re: [eap] Re: Issue 352: Channel Binding Issue
> > > > >
> > > > > >Thank you for reading the document.  And the answer is, if the
> > > > > >generated "mixed" MSKs are carried in the existing AAA 
> > attributes
> > > > > >instead of carrying the MSKs, then no AAA attributes 
> > or communication
> > > > > >flow is required for EAP keying.
> > > > >
> > > > > It might be worth saying a few words about this in the
> > > > > paragraph.  Overall,
> > > > > I'm not sure whether the Channel Binding text in the document
> > > > > is all that
> > > > > > consistent/comprehensive.
> > > > >
> > > > >
> > > > > 
> > _________________________________________________________________
> > > > > To unsubscribe or modify your subscription options, 
> > please visit:
> > > > > http://lists.frascone.com/mailman/listinfo/eap
> > > > >
> > > > > Arhives: http://lists.frascone.com/pipermail/eap
> > > > >
> > > >
> > > >
> > 
> 
> 
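
The key-agreement cases argued over in this thread, as an added example that is not part of the original messages. The thread does not define the mixing function, so `mix()` here is an assumed HMAC-SHA-256 construction, and the MSK and channel-binding values Y are constructed sample data.

```python
import hashlib
import hmac


def mix(key: bytes, y: bytes) -> bytes:
    # Assumed mixing step (hypothetical): HMAC-SHA-256 keyed with the
    # current key over the channel-binding data Y.
    return hmac.new(key, b"channel-binding|" + y, hashlib.sha256).digest()


def derive(key: bytes, y: bytes, rounds: int) -> bytes:
    # Apply mix() `rounds` times: 0 -> MSK, 1 -> MSKY, 2 -> MSKYY.
    for _ in range(rounds):
        key = mix(key, y)
    return key


def keys_match(msk, y_peer, y_server, peer_rounds, auth_rounds) -> bool:
    # Peer derives locally from the MSK and its own view of Y.
    peer_key = derive(msk, y_peer, peer_rounds)
    # Server mixes once and ships MSKY in the existing AAA key attribute.
    aaa_attr = derive(msk, y_server, 1)
    # Authenticator either uses the attribute as-is or mixes Y in again.
    auth_key = derive(aaa_attr, y_server, auth_rounds)
    return hmac.compare_digest(peer_key, auth_key)


# Constructed sample values, not taken from any real deployment.
MSK = bytes(range(64))
Y = b"nas-id=ap1.example;ssid=corp"
Y_OTHER = b"nas-id=ap9.example;ssid=corp"


def scenarios() -> dict:
    return {
        # Authenticator treats the attribute as the final key.
        "as_is": keys_match(MSK, Y, Y, peer_rounds=1, auth_rounds=0),
        # Authenticator re-mixes but peer does not: MSKY vs MSKYY.
        "auth_remixes_only": keys_match(MSK, Y, Y, peer_rounds=1, auth_rounds=1),
        # Both sides re-mix: MSKYY vs MSKYY.
        "both_remix": keys_match(MSK, Y, Y, peer_rounds=2, auth_rounds=1),
        # Peer was told different channel parameters than the server saw.
        "y_differs": keys_match(MSK, Y_OTHER, Y, peer_rounds=1, auth_rounds=0),
    }


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{'match   ' if ok else 'MISMATCH'}  {name}")
```
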
