Re: [abfab] Gen-ART review of draft-ietf-abfab-eapapplicability-03

2013-06-18 15:02:27

On Jun 18, 2013, at 11:39 AM, Sam Hartman <hartmans(_at_)painless-security(_dot_)com> wrote:

Joe, eap-lower-layer is not required for application authentication if
there's some other attribute that's specific to the lower layer.  For
example Moonshot sends gss-acceptor-service-name but does not currently
send eap-lower-layer, and doing that seems consistent with the
requirements of the channel binding spec.

Adding a requirement for eap-lower-layer all the time would be new, but
might be reasonable.


[Joe] Ah yes, I remember this.  It would be simpler to just use eap lower-layer 
attribute.  I think we could massage the text to say something like "eap 
lower-layer attribute or equivalent attribute indicating the EAP lower 
layer in use".  Let me see what I can do with the text David provided.


--Sam