On Fri, Apr 06, 2007 at 02:41:09PM -0400, Charles Clancy wrote:
> Sam,
>
> In skimming through Nico's draft, it looks like EAP's crypto bindings look
> something like GSS channel bindings.

Note: my I-D does not describe GSS channel binding -- it describes
channel binding. The reference to GSS channel binding is there as an
informative, historical note.

> EAP's channel bindings, on the other hand, don't really look like GSS
> channel bindings. In order for EAP's channel binding to look like GSS
> channel binding, EAP channel binding would have to cryptographically bind
> an L2 security association to EAP keys -- but that's not what it's doing.
> It's binding L2 identities to EAP keys. In fact, there's no reason it has
               ^^^^^^^^^^^^^

When the identities of the two end-points of a channel are:

 a) cryptographically bound into that channel
 b) such that other channels between different pairs of end-points could
    not have the same end-point identities,

THEN we can call that pair of channel end-points identities "end-point
channel bindings" -- as my I-D explains.

> to be an L2 identity. It can be any identity that's meaningful to the
> parties involved, and can serve as the basis for making authorization
> decisions.

As long as it's cryptographically bound to the L2 channel and that
channel provides suitable protection for the EAP method doing the EAP
channel binding, THEN Sam's observation is correct: "EAP channel binding"
uses what I termed "end-point channel binding" and "EAP cryptographic
binding" uses what I termed "unique channel binding."

> Perhaps you could abstract the definition of channel bindings even further
> such that all three are subsets of some common terminology... but that
> sounds painful.

No, I think we did just that, but I had not noticed that, in fact, the
two kinds of EAP binding map to the two kinds of channel binding
described in my draft.

Thanks Sam!
Nico
--
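As an added illustration (not code from the I-D, from EAP, or from anyone in this thread), a small Python model of the two kinds of binding named above: EAP keying material is mixed with either a pair of end-point identities ("end-point channel binding") or a value unique to the channel instance ("unique channel binding"), so a party whose view of the channel differs from its peer's ends up with a different key. All identities, keys and the derivation itself are constructed for the example.

```python
import hashlib
import hmac

# Toy model of the two bindings discussed in the thread; constructed for
# illustration, not code from the I-D or from any EAP implementation.

def endpoint_binding(peer_id: bytes, authenticator_id: bytes) -> bytes:
    """End-point channel binding: the pair of end-point identities (e.g. L2
    identities), assumed to be bound into the channel so that no other pair
    of end-points can present the same pair."""
    return b"endpoint:" + len(peer_id).to_bytes(2, "big") + peer_id + authenticator_id

def unique_binding(channel_unique_value: bytes) -> bytes:
    """Unique channel binding: a value that no other channel instance shares
    (here a constructed stand-in for keys of the L2 security association)."""
    return b"unique:" + channel_unique_value

def bound_key(eap_key: bytes, binding: bytes) -> bytes:
    """Mix the binding data into the EAP-derived key. Two parties that see the
    same channel derive the same key; any disagreement about the channel
    changes the result."""
    return hmac.new(eap_key, binding, hashlib.sha256).digest()

def views_agree(eap_key: bytes, peer_view: bytes, server_view: bytes) -> bool:
    """True when both parties' bound keys match (constant-time comparison)."""
    return hmac.compare_digest(bound_key(eap_key, peer_view), bound_key(eap_key, server_view))

# Constructed sample values.
EAP_KEY = hashlib.sha256(b"constructed EAP keying material").digest()
PEER = b"peer@example.net"
AP_A = b"ap-a"
AP_B = b"ap-b"
L2_SA_A = b"constructed L2 SA key for channel A"
L2_SA_B = b"constructed L2 SA key for channel B"

def endpoint_case(server_sees: bytes) -> bool:
    """Peer's channel names AP_A; report whether the server's view agrees."""
    return views_agree(EAP_KEY, endpoint_binding(PEER, AP_A), endpoint_binding(PEER, server_sees))

def unique_case(server_channel: bytes) -> bool:
    """Peer's channel carries L2_SA_A; report whether the server's view agrees."""
    return views_agree(EAP_KEY, unique_binding(L2_SA_A), unique_binding(server_channel))

if __name__ == "__main__":
    print("end-point binding, same AP:", endpoint_case(AP_A))       # True
    print("end-point binding, other AP:", endpoint_case(AP_B))      # False
    print("unique binding, same channel:", unique_case(L2_SA_A))    # True
    print("unique binding, other channel:", unique_case(L2_SA_B))   # False
```

A mismatch in either case surfaces as a key mismatch rather than as a silent relay, which is the property both EAP bindings rely on.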