Re: Re: Issue 352: Channel Binding Issue
From: Yoshihiro Ohba (yohba [at] tari.toshiba.com)
Date: Mon, 8 May 2006 05:11:57 -0700 (PDT)
As the authenticator has to do its own mixing, it does not need
to know if the additional mixing has been done by the AAA or not.

Yoshihiro Ohba

On Sun, May 07, 2006 at 11:44:35AM -0700, Salowey, Joe wrote:
>  
> 
> > -----Original Message-----
> > From: Yoshihiro Ohba [mailto:yohba [at] tari.toshiba.com] 
> > Sent: Tuesday, May 02, 2006 4:23 PM
> > To: Salowey, Joe
> > Cc: Bernard Aboba; yohba [at] tari.toshiba.com; eap [at] frascone.com
> > Subject: Re: [eap] Re: Issue 352: Channel Binding Issue
> > 
> > On Tue, May 02, 2006 at 04:23:22PM -0700, Salowey, Joe wrote:
> > > Hmmm... 
> > > 
> > > Peer gets MSK from EAP and mixes it with Y to get MSKY 
> > > Authenticator gets mixed MSKY in existing AAA attribute, since this is
> > > an existing attribute it thinks it is just the MSK and mixes it with Y
> > > to get MSKYY.  MSKY and MSKYY don't match.
> > 
> > There is some misunderstanding.  If the authenticator is supposed to
> > further mix Y to get MSKYY from MSKY, then the peer is also supposed
> > to further mix Y to get MSKYY from MSKY.
> > 
> [Joe] Yes, but how does the authenticator know if the mixing has been
> done by the AAA or if it has to do the mixing. 
> 
> 
> > Yoshihiro Ohba
> > 
> > 
> > 
> > > 
> > > It seems to me a separate attribute would really be better. 
> > > 
> > > 
> > > > -----Original Message-----
> > > > From: Bernard Aboba [mailto:bernard_aboba [at] hotmail.com] 
> > > > Sent: Tuesday, May 02, 2006 3:58 PM
> > > > To: yohba [at] tari.toshiba.com; Salowey, Joe
> > > > Cc: eap [at] frascone.com
> > > > Subject: Re: [eap] Re: Issue 352: Channel Binding Issue
> > > > 
> > > > Right.  The method just outputs the MSK/EMSK.  As long as the
> > > > same MSK is outputted on both the EAP peer and server, the
> > > > authenticator doesn't need to know what channel bindings were
> > > > mixed in.
> > > > 
> > > > 
> > > > >From: Yoshihiro Ohba <yohba [at] tari.toshiba.com>
> > > > >To: "Salowey, Joe" <jsalowey [at] cisco.com>
> > > > >CC: Bernard Aboba <bernard_aboba [at] hotmail.com>, 
> > > > yohba [at] tari.toshiba.com,      
> > > > >   eap [at] frascone.com
> > > > >Subject: Re: [eap] Re: Issue 352: Channel Binding Issue
> > > > >Date: Tue, 02 May 2006 18:55:29 -0400
> > > > >
> > > > >On Tue, May 02, 2006 at 03:21:19PM -0700, Salowey, Joe wrote:
> > > > > > I'm not sure that carrying "mixed" MSKs in existing attributes is such a
> > > > > > good idea,  how does the authenticator know what it is getting?
> > > > >
> > > > >I don't think the authenticator needs to know whether the received key
> > > > >is the MSK or mixed MSK, as long as both the peer and authenticator
> > > > >obtain the same key.
> > > > >
> > > > >Yoshihiro Ohba
> > > > >
> > > > >
> > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: Bernard Aboba [mailto:bernard_aboba [at] hotmail.com]
> > > > > > > Sent: Tuesday, May 02, 2006 12:27 PM
> > > > > > > To: yohba [at] tari.toshiba.com
> > > > > > > Cc: eap [at] frascone.com
> > > > > > > Subject: Re: [eap] Re: Issue 352: Channel Binding Issue
> > > > > > >
> > > > > > > >Thank you for reading the document.  And the answer is, if the
> > > > > > > >generated "mixed" MSKs are carried in the existing AAA attributes
> > > > > > > >instead of carrying the MSKs, then no AAA attributes or communication
> > > > > > > >flow is required for EAP keying.
> > > > > > >
> > > > > > > It might be worth saying a few words about this in the
> > > > > > > paragraph.  Overall, I'm not sure whether the Channel Binding
> > > > > > > text in the document is all that consistent/comprehensive.
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > 
> > > 
> > > 
> > 
> 
> 
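The key-agreement question argued in this thread, as an added example that is not part of the original messages: it counts how many times Y is mixed on each side and checks whether the peer and the authenticator end up with the same key. The mixing function (HMAC-SHA256), the sample MSK and Y, and all function names are assumptions made for illustration; the thread does not specify a mixing function.

```python
import hashlib
import hmac

# Constructed sample values, not taken from the thread.
MSK = bytes(range(64))                 # 64-octet MSK as exported by an EAP method
Y = b"constructed-channel-binding"     # the channel binding data "Y"


def mix(key: bytes, y: bytes) -> bytes:
    """Assumed mixing function (the thread names none): HMAC-SHA256(key, y)."""
    return hmac.new(key, y, hashlib.sha256).digest()


def derive(key: bytes, rounds: int, y: bytes = Y) -> bytes:
    """Mix y into key `rounds` times: 0 -> MSK, 1 -> MSKY, 2 -> MSKYY."""
    for _ in range(rounds):
        key = mix(key, y)
    return key


def keys_match(peer_rounds: int, aaa_rounds: int, auth_rounds: int) -> bool:
    """Return True if the peer and the authenticator end up with the same key."""
    peer_key = derive(MSK, peer_rounds)
    delivered = derive(MSK, aaa_rounds)        # carried in the existing AAA key attribute
    auth_key = derive(delivered, auth_rounds)  # authenticator cannot tell MSK from MSKY
    return hmac.compare_digest(peer_key, auth_key)


# (peer mixes, AAA mixes, authenticator mixes) for the cases raised in the thread.
SCENARIOS = {
    "peer MSKY, AAA sends MSKY, authenticator mixes again": (1, 1, 1),
    "peer also mixes twice (MSKYY on both sides)": (2, 1, 1),
    "mixing done above the authenticator, key used as delivered": (1, 1, 0),
    "AAA sends plain MSK, authenticator does the only mixing": (1, 0, 1),
}

if __name__ == "__main__":
    for name, rounds in SCENARIOS.items():
        print(f"{name}: {'match' if keys_match(*rounds) else 'MISMATCH'}")
```

The keys agree exactly when the peer applies as many mixes as the AAA server and the authenticator apply together, which is the condition both sides of the thread are arguing about.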
