On Fri, Apr 06, 2007 at 02:41:09PM -0400, Charles Clancy wrote:
> Sam,
>
> In skimming through Nico's draft, it looks like EAP's crypto bindings look
> something like GSS channel bindings.
Note: my I-D does not describe GSS channel binding -- it describes
channel binding. The reference to GSS channel binding is there as an
informative, historical note.
> EAP's channel bindings, on the other hand, don't really look like GSS
> channel bindings. In order for EAP's channel binding to look like GSS
> channel binding, EAP channel binding would have to cryptographically bind
> an L2 security association to EAP keys -- but that's not what it's doing.
> It's binding L2 identities to EAP keys. In fact, there's no reason it has
^^^^^^^^^^^^^
When the identities of the two end-points of a channel are: a)
cryptographically bound into that channel b) such that other channels
between different pairs of end-points could not have the same end-point
identities, THEN we can call that pair of channel end-points identities
"end-point channel bindings" -- as my I-D explains.
> to be an L2 identity. It can be any identity that's meaningful to the
> parties involved, and can serve as the basis for making authorization
> decisions.
As long as it's cryptographically bound to the L2 channel and that
channel provides suitable protection for the EAP method doing the EAP
channel binding, THEN Sam's observation is correct: "EAP channel
binding" uses what I termed "end-point channel binding" and "EAP
cryptographic binding" uses what I termed "unique channel binding."
> Perhaps you could abstract the definition of channel bindings even further
> such that all three are subsets of some common terminology... but that
> sounds painful.
No, I think we did just that, but I had not noticed that, in fact, the
two kinds of EAP binding map to the two kinds of channel binding
described in my draft. Thanks Sam!
Nico
--
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf