No one has defined the format of channel bindings, and with the
possible exception of 802.11r, I don't know of any lower layer that has
clearly defined what identity should be bound for that layer.
[BA] As outlined in RFC 3748 and the EAP Key Management Framework, channel binding matching is designed to be a mechanical process, which implies that they are communicated in the form of AAA attributes.
For example, the following AAA attributes can be sent from the NAS to the AAA server for IEEE 802:
Called-Station-Id: Authenticator Port MAC address or AP BSSID (potentially with the SSID)
Calling-Station-Id: Supplicant MAC address
NAS-Identifier: Authenticator identifier (IEEE 802.11r R1KH-ID)
>How do I know what the lower layer identity is unless the lower layer
>spec tells me
Lower layer specifications already define the source MAC addresses (e.g. IEEE 802), and in some cases, authenticator identities (IEEE 802.11r). So no additional lower layer standards are required.
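Added example, not part of the original message or of any RFC: a sketch of the "mechanical" comparison described above, checking the values the peer reported against the AAA attributes the NAS sent. The function names, the sample values, the "MAC" or "MAC:SSID" text layout, and the policy of comparing only attributes the peer supplied are assumptions; how the peer's values reach the AAA server is out of scope.

```python
import re

ATTRS = ("Called-Station-Id", "Calling-Station-Id", "NAS-Identifier")
# MAC with '-' or ':' separators, optionally followed by ':SSID' (assumed layout).
_STATION = re.compile(r"^((?:[0-9A-Fa-f]{2}[-:]){5}[0-9A-Fa-f]{2})(?::(.*))?$", re.S)

def parse_station_id(value):
    """Parse 'MAC' or 'MAC:SSID' into (12 upper-case hex digits, ssid or None)."""
    m = _STATION.match(value)
    if not m:
        return None
    return re.sub(r"[-:]", "", m.group(1)).upper(), m.group(2)

def attribute_matches(attr, peer_value, nas_value):
    """True if the NAS-supplied value agrees with what the peer reported."""
    if nas_value is None:
        return False  # peer reported it, NAS sent nothing to compare against
    if attr == "NAS-Identifier":
        return peer_value == nas_value  # opaque identifier: exact match
    peer, nas = parse_station_id(peer_value), parse_station_id(nas_value)
    if peer is None or nas is None or peer[0] != nas[0]:
        return False  # malformed value or different MAC
    # Assumed policy: the SSID is compared only when the peer reported one.
    return peer[1] is None or peer[1] == nas[1]

def check_channel_bindings(peer_view, nas_view):
    """Return the attributes the peer reported that the NAS's attributes contradict."""
    return [a for a in ATTRS
            if a in peer_view and not attribute_matches(a, peer_view[a], nas_view.get(a))]

# Constructed sample values, for illustration only.
PEER = {"Called-Station-Id": "00:10:a4:23:19:c0:corp-wlan",
        "Calling-Station-Id": "02-00-00-AA-BB-01",
        "NAS-Identifier": "r1kh-lobby-ap"}
NAS_CONSISTENT = {"Called-Station-Id": "00-10-A4-23-19-C0:corp-wlan",
                  "Calling-Station-Id": "02-00-00-aa-bb-01",
                  "NAS-Identifier": "r1kh-lobby-ap"}
# Same BSSID, but the AAA server is told a different SSID than the peer saw.
NAS_MISMATCH = dict(NAS_CONSISTENT, **{"Called-Station-Id": "00-10-A4-23-19-C0:guest-wlan"})

if __name__ == "__main__":
    print(check_channel_bindings(PEER, NAS_CONSISTENT))
    print(check_channel_bindings(PEER, NAS_MISMATCH))
```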