So then the stuff to bind to exists but no spec says "the EAP channel
bindings for this kind of L2 association is XYZ" and we all have a good
idea of what that text should read like, right?
On Mon, Apr 09, 2007 at 03:52:31PM -0700, Bernard Aboba wrote:
No one has defined the format of channel bindings and with the
possible exception of 802.11r I don't know of any lower layer that has
clearly defined what identity should be bound for that layer.
[BA] As outlined in RFC 3748 and the EAP Key Management Framework, channel
binding matching is designed to be a mechanical process, which implies that
they are communicated in the form of AAA attributes.
For example, the following AAA attributes can be sent from the NAS to the AAA
server for IEEE 802:
Called-Station-Id: Authenticator Port MAC address or AP BSSID (potentially
with the SSID)
Calling-Station-Id: Supplicant MAC address
NAS-Identifier: Authenticator identifier (IEEE 802.11r R1KH-ID)
How do I know what the lower layer identity is unless the lower layer
spec tells me?
Lower layer specifications already define the source MAC addresses (e.g. IEEE
802), and in some cases, authenticator identities (IEEE 802.11r). So no
additional lower layer standards are required.
Ietf mailing list
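The mechanical matching described above, sketched as an added example that is not part of the original thread: a server-side check comparing the three AAA attributes sent by the NAS with the values the peer observed. How the peer's view reaches the server, the function names and the sample values are assumptions; the MAC[:SSID] layout follows RFC 3580.

```python
import re

# RFC 3580 layout: hex octets joined by "-", optionally followed by ":SSID".
_STATION_ID = re.compile(r"^((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})(?::(.+))?$")
CHECKED = ("Called-Station-Id", "Calling-Station-Id", "NAS-Identifier")


def parse_station_id(value):
    """Split 'MAC' or 'MAC:SSID' into (lower-case MAC, SSID or None)."""
    m = _STATION_ID.match(value)
    if m is None:
        raise ValueError(f"not a MAC[:SSID] station id: {value!r}")
    return m.group(1).lower(), m.group(2)


def _same(name, peer_value, aaa_value):
    if name == "NAS-Identifier":
        return peer_value == aaa_value  # opaque identifier, exact match
    p_mac, p_ssid = parse_station_id(peer_value)
    a_mac, a_ssid = parse_station_id(aaa_value)
    if p_mac != a_mac:
        return False
    # The SSID is optional, so compare it only when both sides supplied one.
    return p_ssid is None or a_ssid is None or p_ssid == a_ssid


def channel_binding_mismatches(peer_view, aaa_attrs):
    """Return the attribute names on which the peer and the NAS disagree.

    A missing or malformed value counts as a mismatch (fail closed).
    """
    bad = []
    for name in CHECKED:
        p, a = peer_view.get(name), aaa_attrs.get(name)
        try:
            ok = p is not None and a is not None and _same(name, p, a)
        except ValueError:
            ok = False
        if not ok:
            bad.append(name)
    return bad


# Constructed sample values, not taken from the thread.
AAA_ATTRS = {"Called-Station-Id": "00-10-A4-23-19-C0:corp",
             "Calling-Station-Id": "00-11-22-33-44-55",
             "NAS-Identifier": "ap1.example.net"}
PEER_OK = dict(AAA_ATTRS, **{"Called-Station-Id": "00-10-a4-23-19-c0"})
PEER_OTHER_AP = dict(AAA_ATTRS, **{"Called-Station-Id": "00-10-A4-23-19-C1:corp"})
```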