Lakshminath Dondeti scribbled on Sunday, February 03, 2008 1:30 PM:

> There was also the issue of not being able to export EAP session IDs
> (IIRC) that I referred to in my other message.

Hmmm. draft-ietf-eap-keying-22.txt says

   EAP methods supporting key derivation and mutual authentication
   SHOULD export a method-specific EAP conversation identifier known as
   the Session-Id, as well as one or more method-specific peer
   identifiers (Peer-Id(s)) and MAY export one or more method-specific
   server identifiers (Server-Id(s)). EAP methods MAY also support the
   import and export of channel binding parameters. EAP method
   specifications developed after the publication of this document MUST
   define the Peer-Id, Server-Id and Session-Id. The Peer-Id(s) and
   Server-Id(s), when provided, identify the entities involved in
   generating EAP keying material. For existing EAP methods the Peer-Id,
   Server-Id and Session-Id are defined in Appendix A.

Not sure where the "can't export session IDs" idea came from, but the
above would seem to contradict it.
Ietf mailing list