eap Mailing List: Re: Proposed Resolution to Issue 357: Channel Binding Definition

[Bernard Aboba (bernard_aboba]

> > Based on the above, how about the following definition?
> >
> > "Channel Binding
> >
> > A secure mechanism for ensuring that a chosen set of channel properties
> > (such as authenticator identifiers and properties) are agreed upon by
> > the EAP peer and server."
>
> After Jari's email, I created a thread "Channel Binding analysis" for
> further discussion.  I still believe three party agreement is
> essential for Channel Binding.  To me the two party agreement
> mentioned above looks similar to issueing a Kerberos ticket that is
> never verified by the consumers of the ticket.

The text mentions authenticator identifiers and properties, which presumably 
were agreed upon by the authenticator that sent them (unless it's a 
forgery).   However, there are also properties which don't relate to the 
authenticator itself (such as Calling-Station-Id) but are transmitted by the 
authenticator (e.g. to the backend server).   Are there any cases where a 
property to be verified by Channel Bindings is *not* transmitted by the 
authenticator?  Would the following work?

"A secure mechanism for ensuring that a subset of the parameters transmitted 
by the authenticator (such as authenticator identifiers and properties) are 
agreed upon by the EAP peer and server."

I'm not sure what the definition of a "channel property" is in this case.  
One could argue for example that the Calling-Station-Id is not a property of 
the channel -- but its verification is still considered part of Channel 
Bindings.