Re: Re: Issue 352: Channel Binding Issue
From: Yoshihiro Ohba (yohbatari.toshiba.com)
Date: Tue, 9 May 2006 09:36:49 -0700 (PDT)
On Tue, May 09, 2006 at 08:06:01AM -0700, Salowey, Joe wrote:
>  
> 
> > -----Original Message-----
> > From: Yoshihiro Ohba [mailto:yohba [at] tari.toshiba.com] 
> > Sent: Tuesday, May 09, 2006 5:55 AM
> > To: Salowey, Joe
> > Cc: Yoshihiro Ohba; Bernard Aboba; eap [at] frascone.com
> > Subject: Re: [eap] Re: Issue 352: Channel Binding Issue
> > 
> > On Mon, May 08, 2006 at 10:09:34PM -0700, Salowey, Joe wrote:
> > > > 
> > > > If EAP keying material is not used for secure association at all, I
> > > > don't think CB is possible because an attacker authenticator can
> > > > simply spoof legitimate authenticator's parameters.  This can happen
> > > > in the case of wired 802.1X as well.  Am I wrong?
> > > > 
> > > [Joe] The same argument applies to peer entity authentication without
> > > ongoing data authentication.  However this is still deployed and appears
> > > to be somewhat useful.  I don't think this is the place to discuss the
> > > merits of 802.1x.
> > 
> > Perhaps you miss my point.  I did not discuss the merit of 802.1X.  My
> > point is that having a Channel Binding solution for lower layers that
> > do not use cryptographic per-packet access control does not really make
> > sense to me.
> > 
> [Joe] Perhaps, my point is that channel bindings are as useful as
> authentication with regard to the lack of per-packet cryptographic
> protection.

I see your point.  However, even in that case some sort of SAP with
the use of keying material exported by EAP method would be needed to
verify the Channel Binding data between the peer and authenticator.
Note that PANA can do this verification based on integrity protected
PBR/PBA exchange.  Anyways, I think agreement just between the peer
and server is not sufficient for Channel Binding, as I mentioned in
other thread.

Yoshihiro Ohba
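The following is an added example, not code from this thread, from PANA or from any EAP implementation. It models the point argued above in a toy three-party run: the EAP method exports an MSK, the server tells the peer inside the method's protected channel which authenticator identity it saw over AAA, and the lower-layer SAP (named PBR/PBA after PANA's messages, but with an invented layout) carries the authenticator's own claim under a MAC keyed from the MSK. All key labels, message formats and the sample identities (`nas1`, `nas2`) are constructed for the example. It then compares what the peer can conclude with and without that SAP integrity check.

```python
"""Toy model of why EAP channel binding needs the lower-layer SAP.

Added example; not code from the EAP list thread or from PANA.  Three
parties: peer, EAP/AAA server, authenticator.  The EAP method exports an
MSK; the server tells the peer, inside the method's protected channel,
which authenticator identity it saw over AAA; the lower-layer secure
association (named PBR/PBA after PANA's messages, layout invented here)
carries the authenticator's own claim, integrity-protected with a key
derived from the MSK.  Key labels and message layouts are constructed.
"""
import hashlib
import hmac


def prf(key: bytes, label: bytes) -> bytes:
    """Toy KDF: HMAC-SHA256(key, label).  Stands in for a real method KDF."""
    return hmac.new(key, label, hashlib.sha256).digest()


def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def eap_method(peer_secret: bytes, nonce: bytes):
    """Peer and server both derive the exported MSK and a method integrity key."""
    return prf(peer_secret, b"MSK|" + nonce), prf(peer_secret, b"METHOD-IK|" + nonce)


def server_cb_message(method_ik: bytes, nas_id_over_aaa: str):
    """Server -> peer inside the EAP method: the NAS-Identifier it saw over AAA."""
    cb = nas_id_over_aaa.encode()
    return cb, mac(method_ik, cb)


def sap_key(msk: bytes) -> bytes:
    """Integrity key for the lower-layer SAP, derived from the exported MSK."""
    return prf(msk, b"SAP-IK")


def authenticator_pbr(key: bytes, claimed_nas_id: str, session_id: bytes):
    """Authenticator -> peer at the lower layer: its claimed identity plus a MAC.
    A real authenticator uses sap_key(msk) delivered over AAA; an attacker
    who never received the MSK can only MAC with a key of its own."""
    body = session_id + b"|" + claimed_nas_id.encode()
    return body, mac(key, body)


def peer_verify_with_sap(peer_secret, nonce, session_id, cb_msg, pbr) -> str:
    """CB data from the server is compared against the authenticator's claim
    only after that claim is integrity-verified under the MSK-derived SAP key."""
    msk, method_ik = eap_method(peer_secret, nonce)
    cb, cb_mac = cb_msg
    if not hmac.compare_digest(cb_mac, mac(method_ik, cb)):
        return "cb-data-not-authentic"
    body, body_mac = pbr
    if not hmac.compare_digest(body_mac, mac(sap_key(msk), body)):
        return "sap-integrity-failure"      # claim not bound to the exported key
    sid, _, claimed = body.partition(b"|")
    if sid != session_id:
        return "sap-integrity-failure"
    if claimed != cb:
        return "channel-binding-mismatch"   # authenticator told the two sides different things
    return "ok"


def peer_verify_without_sap(peer_secret, nonce, cb_msg, pbr) -> str:
    """Peer-server agreement only: the lower-layer claim is taken at face value."""
    _, method_ik = eap_method(peer_secret, nonce)
    cb, cb_mac = cb_msg
    if not hmac.compare_digest(cb_mac, mac(method_ik, cb)):
        return "cb-data-not-authentic"
    body, _ = pbr
    _, _, claimed = body.partition(b"|")
    return "ok" if claimed == cb else "channel-binding-mismatch"


def run_scenarios() -> dict:
    """Constructed sample run: one peer secret, one session, three authenticator behaviours."""
    peer_secret, nonce, sid = b"peer-long-term-secret", b"nonce-1", b"sess-42"
    msk, method_ik = eap_method(peer_secret, nonce)
    legit_key = sap_key(msk)          # delivered to the authenticated NAS over AAA
    attacker_key = bytes(32)          # attacker never received the MSK
    cb_nas1 = server_cb_message(method_ik, "nas1")   # server saw nas1 over AAA
    cb_nas2 = server_cb_message(method_ik, "nas2")   # server saw nas2 over AAA
    honest = authenticator_pbr(legit_key, "nas1", sid)
    lying_nas = authenticator_pbr(legit_key, "nas1", sid)  # is nas2, tells peer "nas1"
    spoof = authenticator_pbr(attacker_key, "nas1", sid)   # no MSK, copies nas1's parameters
    return {
        "honest": peer_verify_with_sap(peer_secret, nonce, sid, cb_nas1, honest),
        "lying_nas": peer_verify_with_sap(peer_secret, nonce, sid, cb_nas2, lying_nas),
        "spoof_with_sap": peer_verify_with_sap(peer_secret, nonce, sid, cb_nas1, spoof),
        "spoof_without_sap": peer_verify_without_sap(peer_secret, nonce, cb_nas1, spoof),
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name}: {result}")
```

The last two scenarios are the ones the thread is about: an attacker that never received the MSK but copies a legitimate authenticator's parameters is rejected at the SAP integrity check, whereas a peer that only compares the server's CB data against an unprotected lower-layer claim accepts the spoof. The lying-NAS case shows the check that peer-server agreement does catch, once the claim is bound to the key.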
