So then the stuff to bind to exists but no spec says "the EAP channel bindings for this kind of L2 association is XYZ" and we all have a good idea of what that text should read like, right?

On Mon, Apr 09, 2007 at 03:52:31PM -0700, Bernard Aboba wrote:
> No one has defined the format of channel bindings and with the
> possible exception of 802.11r I don't know of any lower layer that has
> clearly defined what identity should be bound for that layer.
>
> [BA] As outlined in RFC 3748 and the EAP Key Management Framework, channel binding matching is designed to be a mechanical process, which implies that they are communicated in the form of AAA attributes.
>
> For example, the following AAA attributes can be sent from the NAS to the AAA server for IEEE 802:
>
> Called-Station-Id: Authenticator Port MAC address or AP BSSID (potentially with the SSID)
> Calling-Station-Id: Supplicant MAC address
> NAS-Identifier: Authenticator identifier (IEEE 802.11r R1KH-ID)
>
> >How do I know what the lower layer identity is unless the lower layer
> >spec tells me
>
> Lower layer specifications already define the source MAC addresses (e.g. IEEE 802), and in some cases, authenticator identities (IEEE 802.11r). So no additional lower layer standards are required.
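The mechanical matching described in the quoted message, sketched as an added example that is not part of the thread: a AAA-server-side check that the three attributes the NAS sent agree with what the peer reported inside the EAP method. How the peer's view is carried is not defined on this page, so the dict inputs, the function names, the strict fail-closed policy and the sample values are assumptions; the "MAC:SSID" station-ID form follows RFC 3580.

```python
import re

# Attributes the message lists for IEEE 802 lower layers.
STATION_ATTRS = ("Called-Station-Id", "Calling-Station-Id")
BOUND_ATTRS = STATION_ATTRS + ("NAS-Identifier",)

# Six hex octets with optional -, : or . separators, then an optional ":SSID".
_STATION = re.compile(r"^((?:[0-9A-Fa-f]{2}[-:.]?){5}[0-9A-Fa-f]{2})(?::(.*))?$")

def normalize_station_id(value):
    """Return (MAC as 12 upper-case hex digits, SSID or None)."""
    m = _STATION.match(value.strip())
    if not m:
        raise ValueError("not a MAC-based station id: %r" % value)
    mac = re.sub(r"[-:.]", "", m.group(1)).upper()
    return mac, m.group(2)

def _canonical(name, value):
    # MAC-based attributes are compared after normalization;
    # NAS-Identifier is compared as an exact string.
    return normalize_station_id(value) if name in STATION_ATTRS else value

def check_channel_binding(peer_view, nas_view):
    """Return the attribute names that are missing, malformed or differ.

    An empty list means the NAS told the AAA server the same thing the
    peer saw on the link. Assumed policy: fail closed on any gap.
    """
    mismatches = []
    for name in BOUND_ATTRS:
        p, n = peer_view.get(name), nas_view.get(name)
        try:
            ok = p is not None and n is not None and \
                _canonical(name, p) == _canonical(name, n)
        except ValueError:
            ok = False
        if not ok:
            mismatches.append(name)
    return mismatches

# Constructed sample values (not taken from any real network).
NAS_VIEW = {"Called-Station-Id": "00-10-A4-23-19-C0:corp-wlan",
            "Calling-Station-Id": "02-00-5E-10-00-01",
            "NAS-Identifier": "r1kh-ap-17"}
PEER_VIEW = {"Called-Station-Id": "00:10:a4:23:19:c0:corp-wlan",
             "Calling-Station-Id": "0200.5e10.0001",
             "NAS-Identifier": "r1kh-ap-17"}
# A NAS that advertises one SSID to the peer but reports another to AAA.
LYING_NAS_VIEW = dict(NAS_VIEW, **{"Called-Station-Id": "00-10-A4-23-19-C0:guest"})

if __name__ == "__main__":
    print(check_channel_binding(PEER_VIEW, NAS_VIEW))
    print(check_channel_binding(PEER_VIEW, LYING_NAS_VIEW))
```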