Re: Proposed Resolution to Issue 357: Channel Binding Definition

From: Narayanan, Vidya (vidyan
Date: Tue, 6 Jun 2006 22:19:16 -0700 (PDT)

Hi Bernard,

The proposed text by Jari went through some revisions as I recall, based on some discussions on the list. Here is the latest on that text I pulled out from one of Jari's emails, subsequent to the discussions:

"I'd be happy to restrict the definition to peer and server agreeing that they have the same view of the channel properties claimed by the authenticator. (But part of the distinction may also be in the specific implementation of the "agreement"; what we are looking for is that the values agree, without specifying who sends the values and who verifies them.)"

Based on the above, how about the following definition?

"Channel Binding

A secure mechanism for ensuring that a chosen set of channel properties (such as authenticator identifiers and properties) are agreed upon by the EAP peer and server."

Vidya

> -----Original Message-----
> From: Bernard Aboba [mailto:bernard_aboba [at] hotmail.com]
> Sent: Saturday, June 03, 2006 6:41 PM
> To: eap [at] frascone.com
> Subject: [eap] Proposed Resolution to Issue 357: Channel Binding Definition
>
> The text of Issue 357 is enclosed below. The proposed resolution is to accept the definition proposed by Jari Arkko:
>
> "Channel Binding
>
> A secure mechanism for ensuring that a chosen set of channel properties (such as endpoint identifiers) are agreed upon by the EAP peer, authenticator and server."
>
> ------------------------------------------------------------------------------------------------
> Issue 357: Channel Binding Definition
> Submitter name: Vidya Narayanan
> Submitter email address: vidyan [at] qualcomm.com
> Date Submitted: May 1, 2006
> Reference: http://lists.frascone.com/pipermail/eap/msg04227.html
> Document: KEYING-12
> Comment type: 'T'echnical
> Priority: '1' Should fix
> Section: 1.2
> Rationale/Explanation of issue:
> The document defines channel binding as a communication within an EAP method - this seems a bit restrictive, given that channel binding information could be carried out-of-band as well. The only requirement is that the information be integrity protected between the peer and server.
>
> Requested change:
> Change wording to:
>
> "The communication of integrity-protected channel properties such as endpoint identifiers which can be compared to values communicated via out of band mechanisms (such as via a AAA or lower layer protocol)."
>
> _________________________________________________________________
> To unsubscribe or modify your subscription options, please visit:
> http://lists.frascone.com/mailman/listinfo/eap
>
> Archives: http://lists.frascone.com/pipermail/eap