Re: [Emu] Last call comments: draft-williams-on-channel-binding-01.txt: EAP channel bindings

2007-04-06 11:54:27
On Fri, Apr 06, 2007 at 02:41:09PM -0400, Charles Clancy wrote:
> Sam,

> In skimming through Nico's draft, it looks like EAP's crypto bindings look
> something like GSS channel bindings.

Note: my I-D does not describe GSS channel binding -- it describes
channel binding.  The reference to GSS channel binding is there as an
informative, historical note.

> EAP's channel bindings, on the other hand, don't really look like GSS
> channel bindings.  In order for EAP's channel binding to look like GSS
> channel binding, EAP channel binding would have to cryptographically bind
> an L2 security association to EAP keys -- but that's not what it's doing.
> It's binding L2 identities to EAP keys.  In fact, there's no reason it has
               ^^^^^^^^^^^^^

When the identities of the two end-points of a channel are: a)
cryptographically bound into that channel, and b) such that other channels
between different pairs of end-points could not have the same end-point
identities, THEN we can call that pair of channel end-point identities
"end-point channel bindings" -- as my I-D explains.

> to be an L2 identity.  It can be any identity that's meaningful to the
> parties involved, and can serve as the basis for making authorization
> decisions.

As long as it's cryptographically bound to the L2 channel and that
channel provides suitable protection for the EAP method doing the EAP
channel binding, THEN Sam's observation is correct: "EAP channel
binding" uses what I termed "end-point channel binding" and "EAP
cryptographic binding" uses what I termed "unique channel binding."

> Perhaps you could abstract the definition of channel bindings even further
> such that all three are subsets of some common terminology... but that
> sounds painful.

No, I think we did just that, but I had not noticed that, in fact, the
two kinds of EAP binding map to the two kinds of channel binding
described in my draft.  Thanks Sam!

Nico