RE: Re: Issue 352: Channel Binding Issue
From: Salowey, Joe (jsalowey [at] cisco.com)
Date: Tue, 9 May 2006 07:58:35 -0700 (PDT)
 

> -----Original Message-----
> From: Yoshihiro Ohba [mailto:yohba [at] tari.toshiba.com] 
> Sent: Tuesday, May 09, 2006 5:55 AM
> To: Salowey, Joe
> Cc: Yoshihiro Ohba; Bernard Aboba; eap [at] frascone.com
> Subject: Re: [eap] Re: Issue 352: Channel Binding Issue
> 
> On Mon, May 08, 2006 at 10:09:34PM -0700, Salowey, Joe wrote:
> > > 
> > > If EAP keying material is not used for secure association at all, I
> > > don't think CB is possible because an attacker authenticator can
> > > simply spoof legitimate authenticator's parameters.  This can happen
> > > in the case of wired 802.1X as well.  Am I wrong?
> > > 
> > [Joe] The same argument applies to peer entity authentication without
> > ongoing data authentication.  However this is still deployed and appears
> > to be somewhat useful.  I don't think this is the place to discuss the
> > merits of 802.1x.
> 
> Perhaps you miss my point.  I did not discuss the merit of 802.1X.  My
> point is that having a Channel Binding solution for lower layers that
> do not use cryptographic per-packet access control does not really make
> sense to me.
> 
[Joe] Perhaps, my point is that channel bindings are as useful as
authentication with regard to the lack of per-packet cryptographic
protection.

> Yoshihiro Ohba
> 
