> It may be too late to make comment on this, but if we agree on only
> the server has the knowledge of the Channel Binding values, I really
> don't see any value on carrying Channel Bindings over EAP methods
> compared to the other method of using the Channel Bindings for key
> derivation. Please correct if my view is wrong.
>
Yes, I miss the value in just the server and peer checking for consistency
in values. Unless the server can check the values against a pre-configured
database, channel bindings is of little use. Or if there is some use,
someone should explain what it is.
-mohan
> Yoshihiro Ohba
>
>
> On Mon, Mar 06, 2006 at 04:01:51AM -0800, Bernard Aboba wrote:
> > How about this?
> >
> > "Channel Bindings include lower layer parameters that
> > are verified for consistency between the EAP peer and server.
> > In order to avoid introducing media dependencies, EAP
> > methods that transport Channel Binding data MUST treat this
> > data as opaque octets.
> >
> > Typically the EAP method imports Channel Bindings from the
> > lower layer on the peer, and transmits them securely to the
> > EAP server, which exports them to the lower layer or AAA layer. However,
> > transport may occur from EAP server to peer, or may be
> > bi-directional. On the side of the exchange (peer or server)
> > where Channel Bindings are verified, the lower layer or AAA layer passes
> > the result of the verification (TRUE or FALSE) up to the
> > EAP method.
> >
> > While the verification can be done either by the peer
> > or the server, typically only the server has the knowledge to
> > determine the correctness of the values, as opposed to merely
> > verifying their equality."
> >
> >
> >
> > _________________________________________________________________
> > To unsubscribe or modify your subscription options, please visit:
> > http://lists.frascone.com/mailman/listinfo/eap
> >
> > Archives: http://lists.frascone.com/pipermail/eap
> >
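The difference this thread draws between verifying equality of Channel Binding values and determining their correctness, as an added example (not code from the list, the draft text or any EAP implementation). The NAS identifiers, the octet values and the provisioning table keyed by NAS identifier are constructed assumptions; the EAP method side only passes opaque octets down and receives TRUE or FALSE back, as in the proposed text.

```python
import hmac

# Constructed provisioning table (assumption): NAS identifier -> the channel
# binding octets that NAS is provisioned to present. All values are samples.
PROVISIONED = {
    b"nas-lobby": b"ssid=guest;bssid=02:00:00:00:00:01",
    b"nas-floor3": b"ssid=corp;bssid=02:00:00:00:00:03",
}

def consistent(peer_cb: bytes, server_cb: bytes) -> bool:
    """Equality only: the peer's octets match the server's own copy."""
    return hmac.compare_digest(peer_cb, server_cb)

def correct(nas_id: bytes, peer_cb: bytes, db=PROVISIONED) -> bool:
    """Correctness: the octets are the ones provisioned for this NAS."""
    expected = db.get(nas_id)
    return expected is not None and hmac.compare_digest(peer_cb, expected)

def aaa_verify(nas_id: bytes, peer_cb: bytes, server_cb: bytes, db=PROVISIONED) -> bool:
    """AAA-layer check; the single TRUE/FALSE is all the EAP method sees."""
    return consistent(peer_cb, server_cb) and correct(nas_id, peer_cb, db)

def eap_method_outcome(peer_cb: bytes, verify) -> str:
    """The method never parses peer_cb; it hands the octets down and
    acts on the boolean that comes back."""
    return "continue" if verify(peer_cb) else "fail"

def run_cases():
    corp3 = PROVISIONED[b"nas-floor3"]
    guest1 = PROVISIONED[b"nas-lobby"]
    other = b"ssid=corp;bssid=02:00:00:00:00:01"  # constructed, not provisioned
    cases = [
        ("values equal and provisioned", b"nas-floor3", corp3, corp3),
        ("peer and server copies differ", b"nas-lobby", other, guest1),
        ("values equal but not provisioned", b"nas-lobby", other, other),
        ("NAS absent from the table", b"nas-unknown", corp3, corp3),
    ]
    return [(label, consistent(p, s), aaa_verify(n, p, s)) for label, n, p, s in cases]

if __name__ == "__main__":
    for label, equal, verified in run_cases():
        print(f"{label:34} equality={equal!s:5} verified={verified}")
    print(eap_method_outcome(PROVISIONED[b"nas-floor3"],
          lambda cb: aaa_verify(b"nas-floor3", cb, PROVISIONED[b"nas-floor3"])))
```

The third and fourth cases pass the equality check and are rejected only by the lookup against the provisioned values.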