> -----Original Message-----
> From: Yoshihiro Ohba [mailto:yohba tari.toshiba.com]
> Sent: Monday, May 08, 2006 12:06 PM
> To: Salowey, Joe
> Cc: Yoshihiro Ohba; Bernard Aboba; eap frascone.com
> Subject: Re: [eap] Re: Issue 352: Channel Binding Issue
>
> On Mon, May 08, 2006 at 10:42:44AM -0700, Salowey, Joe wrote:
> >
> >
> > > -----Original Message-----
> > > From: Yoshihiro Ohba [mailto:yohba tari.toshiba.com]
> > > Sent: Monday, May 08, 2006 9:35 AM
> > > To: Salowey, Joe
> > > Cc: Yoshihiro Ohba; Bernard Aboba; eap frascone.com
> > > Subject: Re: [eap] Re: Issue 352: Channel Binding Issue
> > >
> > > On Mon, May 08, 2006 at 09:17:35AM -0700, Salowey, Joe wrote:
> > > > > > [Joe] Obsoleted by what?
> > > > >
> > > > > I'd say by CB with key mixing.
> > > > >
> > > > [Joe] I don't agree. For one there are usages of EAP which do not use
> > > > EAP keying material so key mixing will not work for them.
> > > >
> > >
> > > Can you elaborate on the usages you mentioned above?
> > >
> > [Joe] 802.1x
>
> If EAP keying material is not used for secure association at all, I
> don't think CB is possible because an attacker authenticator can
> simply spoof legitimate authenticator's parameters. This can happen
> in the case of wired 802.1X as well. Am I wrong?
>
[Joe] The same argument applies to peer entity authentication without
ongoing data authentication. However this is still deployed and appears
to be somewhat useful. I don't think this is the place to discuss the
merits of 802.1x.
> Yoshihiro Ohba
>