Re: Last Call: draft-williams-on-channel-binding (On the Use ofChannel Bindings to Secure Channels) to Proposed Standard

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On Wednesday, April 11, 2007 12:09:24 PM -0700 Randy Presuhn <randy_presuhn@xxxxxxxxxxxxxx> wrote:

Hi -

From: "Tom.Petch" <sisyphus@xxxxxxxxxxxxxx>
To: "ietf" <ietf@xxxxxxxx>
Sent: Wednesday, April 11, 2007 10:43 AM
Subject: Re: Last Call: draft-williams-on-channel-binding (On the Use
ofChannel Bindings to Secure Channels) to Proposed Standard
...
Otherwise those who would benefit from it - isms, netconf, syslog, ... ?
- will not understand what they might do.  I appreciate that something
of this ilk has been around for a while (eg as when Ira McDonald pointed
the isms list at draft-puthenkulam-eap-binding-04.txt) but I think that
it got no traction because of its impenetrability.
...

In the isms WG, we were told that we could not use EAP.
http://www1.ietf.org/mail-archive/web/isms/current/msg00464.html

That's right; isms is outside of EAP's field of applicability. But draft-williams-on-channel-bindings is not specifically about EAP, but rather about a general class of problems that arises when protected communications channels are established independently of authentication, and an approach and method for solving those problems, particularly within the context of various authentication frameworks.

As it turns out, ISMS doesn't need to work about this class of problems because the approach we chose uses SSH, which provides both authentication and a protected channel in an integrated manner. Now, if SSH for some reason wanted to make use of a protected channel provided by TLS or, more likely, IPsec, then it would need to worry about this class of problems, and the solutions might well involve exposing new interfaces to ISMS and other applications built on SSH. But for the moment, that's not really an issue.

-- Jeff

_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]