On Wed, Apr 11, 2007 at 11:03:29PM -0700, Lakshminath Dondeti wrote:
After having reviewed "draft-williams-on-channel-binding-01," I feel
that putting EAP in scope of that document would require a rather
involved revision of the document. As Charles noted it might require
further abstraction of the concept of channel binding as defined in
draft-williams.
Now, I must say, I do see the similarities between the two notions of
channel binding. But the EAP/AAA model is unique and it is not easy to
map it to the other, let's say simpler, security models. The notion of
compound binding or crypto binding also has some similarities to the
notion of channel binding in draft-williams-on-channel-binding-01, but
there are also some differences.
Overall though, since expanding draft-williams-on-channel-binding-01's
scope to EAP means that the requirements, recommendations and
suggestions of Section 2.1 may be applied to EAP channel binding, it
would be a rather painful exercise to sort it all out. For now, I am
comfortable with the guidance in Section 7.15 of 3748.
My impression was that Sam's suggested text was introductory and
informative, and not at all intended to cause this doc to normatively
constrain EAP.
I think that having a single abstraction that can describe what went by
multiple names in different areas can be very useful because it
facilitates cross-area communication. And missing an opportunity to
point out how two things are more similar than they look would help
perpetuate a perception that those two things are more different than
they actually are.
Nico
--
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf