Re: Re: issue 357: Channel Binding Definition
From: Yoshihiro Ohba (yohbatari.toshiba.com)
Date: Mon, 8 May 2006 20:40:03 -0700 (PDT)
I agree.  

Note that agreement just by the EAP peer and server would not be
sufficient.  The authenticator's agreement, by running SAP for proof of
possession of a key that is generated by the peer and server and
somehow bound to the chosen set of properties, would be required.
Otherwise, it seems possible for an attacker to sit between the peer
and legitimate authenticator and do something wrong by spoofing some
of the properties of the legitimate authenticator.

Yoshihiro Ohba



On Mon, May 08, 2006 at 06:39:05PM -0700, Bernard Aboba wrote:
> >Suggested text:
> >
> >"Channel Binding
> >
> >A secure mechanism for ensuring that a chosen set of
> >channel properties (such as endpoint identifiers) are
> >agreed upon by the EAP peer, authenticator and
> >server."
> 
> I'm ok with this.  Any objections?
> 
> 

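The three-party agreement discussed in this thread, as an added sketch that is not part of either message and is not taken from any EAP or SAP specification: the key derivation, the property encoding and the two-nonce proof are assumptions chosen for illustration, and all sample values are constructed. The peer accepts the authenticator's proof of possession only when the properties it saw on the link match the ones the server bound into the key.

```python
import hashlib
import hmac
import os


def encode_props(props):
    """Unambiguous encoding: sorted name/value pairs, each length-prefixed."""
    out = b""
    for name, value in sorted(props.items()):
        for field in (name.encode(), value.encode()):
            out += len(field).to_bytes(2, "big") + field
    return out


def bound_key(eap_key, props):
    """Key known to peer and server, bound to one set of channel properties."""
    return hmac.new(eap_key, b"channel-binding" + encode_props(props),
                    hashlib.sha256).digest()


def sap_proof(key, peer_nonce, auth_nonce):
    """Authenticator's proof of possession over both fresh nonces."""
    return hmac.new(key, peer_nonce + auth_nonce, hashlib.sha256).digest()


def peer_accepts(eap_key, props_seen_by_peer, peer_nonce, auth_nonce, proof):
    """Peer recomputes the proof from the properties it saw on the link."""
    expected = sap_proof(bound_key(eap_key, props_seen_by_peer),
                         peer_nonce, auth_nonce)
    return hmac.compare_digest(expected, proof)


def run_exchange(eap_key, props_at_server, props_seen_by_peer):
    """Server hands the bound key to the authenticator; peer checks the SAP."""
    authenticator_key = bound_key(eap_key, props_at_server)
    peer_nonce, auth_nonce = os.urandom(16), os.urandom(16)
    proof = sap_proof(authenticator_key, peer_nonce, auth_nonce)
    return peer_accepts(eap_key, props_seen_by_peer,
                        peer_nonce, auth_nonce, proof)


# Constructed sample values, not taken from the thread.
EAP_KEY = bytes(range(32))
GENUINE = {"authenticator-id": "ap-17.example.net", "ssid": "corp"}
SPOOFED = {"authenticator-id": "ap-17.example.net", "ssid": "guest"}

if __name__ == "__main__":
    print("matching properties:", run_exchange(EAP_KEY, GENUINE, GENUINE))
    print("spoofed properties: ", run_exchange(EAP_KEY, GENUINE, SPOOFED))
```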