RE: Re: Issue 352: Channel Binding Issue

From: Salowey, Joe (jsalowey
Date: Mon, 8 May 2006 09:10:08 -0700 (PDT)

> > [Joe] Obsoleted by what?
>
> I'd say by CB with key mixing.

[Joe] I don't agree. For one there are usages of EAP which do not use EAP keying material so key mixing will not work for them.

> > > > > "
> > > > > Using such a protected exchange, it is possible to match the channel
> > > > > properties provided by the authenticator via out-of-band mechanisms
> > > > > against those exchanged within the EAP method. For example, see the
> > > > > discussion in Section 1.4 as well as
> > > > > [I-D.arkko-eap-service-identity-auth].
> > > > > "
> > > > >
> > > > > According to the AAA server's requirement on pre-configuring
> > > > > Channel Binding parameters, I don't see the usefulness of
> > > > > [I-D.arkko-eap-service-identity-auth]. Do we really need this
> > > > > paragraph?
> > > >
> > > > [Joe] It still seems useful to me.
> > >
> > > Can you elaborate on how it is useful?
> >
> > [Joe] It allows the back end to validate parameters advertised by the
> > authenticator.
>
> I have a doubt about the usefulness of doing this for Channel Binding
> as it requires the additional over-the-air step of exchanging CB data
> between the peer and the server. In key mixing approach, this step is
> not needed.
>
> Yoshihiro Ohba
>
> > > Regards,
> > > Yoshihiro Ohba
> > >
> > > > > "
> > > > > The main difference between these approaches is that Channel Binding
> > > > > support within an EAP method may require upgrading or changing the
> > > > > EAP method, impacting both the peer and the server. Where Channel
> > > > > Bindings are implemented in AAA, the peer, authenticator and the
> > > > > backend server need to be upgraded, but the EAP method need not be
> > > > > modified.
> > > > > "
> > > > >
> > > > > If we have only one Channel Binding method, we don't need this
> > > > > comparison.
> > > >
> > > > [Joe] I don't think this is the place to define one method.
> > > > >
> > > > > Best regards,
> > > > > Yoshihiro Ohba
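
Added illustration, not part of Joe's or Yoshihiro's messages: a simplified Python model of the two approaches debated in this thread, the explicit exchange of channel binding data (the back end validating parameters advertised by the authenticator) and key mixing. The parameter names, keys, the `cb-mix` label and the encoding are constructed assumptions, not taken from any EAP method or draft.

```python
import hashlib
import hmac

def encode_params(params):
    """Unambiguous encoding: sorted name/value pairs, each length-prefixed."""
    out = b""
    for name in sorted(params):
        for part in (name.encode(), params[name].encode()):
            out += len(part).to_bytes(2, "big") + part
    return out

def protect(method_key, view):
    """Peer side: integrity tag over its view, keyed by the EAP method's own key."""
    return hmac.new(method_key, encode_params(view), hashlib.sha256).digest()

def explicit_check(method_key, peer_view, peer_tag, aaa_view):
    """Server side of the explicit exchange: verify the tag, then name every
    parameter where the peer's view differs from what the authenticator told AAA."""
    if not hmac.compare_digest(protect(method_key, peer_view), peer_tag):
        raise ValueError("channel binding data failed integrity check")
    names = set(peer_view) | set(aaa_view)
    return sorted(n for n in names if peer_view.get(n) != aaa_view.get(n))

def mixed_key(msk, view):
    """Key mixing: fold one side's view of the channel into the derived key.
    A mismatch shows up only when the two derived keys are later used."""
    return hmac.new(msk, b"cb-mix" + encode_params(view), hashlib.sha256).digest()

# Constructed sample values (assumptions, not from any specification).
METHOD_KEY = bytes(range(32))
MSK = bytes(range(32, 64))
PEER_VIEW = {"ssid": "corp-wifi", "nas-id": "ap-17"}   # what the peer was shown
AAA_VIEW = {"ssid": "guest-wifi", "nas-id": "ap-17"}   # what AAA was told

if __name__ == "__main__":
    tag = protect(METHOD_KEY, PEER_VIEW)
    print("explicit exchange mismatches:",
          explicit_check(METHOD_KEY, PEER_VIEW, tag, AAA_VIEW))
    print("mixed keys agree:",
          hmac.compare_digest(mixed_key(MSK, PEER_VIEW), mixed_key(MSK, AAA_VIEW)))
```

In this model the explicit check names the mismatching parameter but needs the extra protected exchange, while key mixing needs no exchange and only fails where the derived keys are actually used.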