Sam,
Your observation is brilliant. Yes, I agree, "EAP channel binding" and
"EAP cryptographic binding" map to what my draft calls "end-point
channel binding" and "unique channel binding," respectively. I had not
noticed this before.
Also, I think my draft's definition of "end-point channel binding" needs
to be tightened just a bit: not only must the end-point IDs be
cryptographically bound into the channel, it must also be the case that
the IDs meaningfully identify the channel end-points -- that is, that
one node cannot assert the same ID as another without sharing
credentials with it. I think my text implies this but does not make it
sufficiently explicit.
Nico