On Wednesday, April 11, 2007 12:09:24 PM -0700 Randy Presuhn
<randy_presuhn@xxxxxxxxxxxxxx> wrote:
Hi -
From: "Tom.Petch" <sisyphus@xxxxxxxxxxxxxx>
To: "ietf" <ietf@xxxxxxxx>
Sent: Wednesday, April 11, 2007 10:43 AM
Subject: Re: Last Call: draft-williams-on-channel-binding (On the Use
of Channel Bindings to Secure Channels) to Proposed Standard
...
Otherwise those who would benefit from it - isms, netconf, syslog, ... ?
- will not understand what they might do. I appreciate that something
of this ilk has been around for a while (e.g. as when Ira McDonald pointed
the isms list at draft-puthenkulam-eap-binding-04.txt) but I think that
it got no traction because of its impenetrability.
...
In the isms WG, we were told that we could not use EAP.
http://www1.ietf.org/mail-archive/web/isms/current/msg00464.html
That's right; isms is outside of EAP's field of applicability. But
draft-williams-on-channel-bindings is not specifically about EAP, but
rather about a general class of problems that arises when protected
communications channels are established independently of authentication,
and an approach and method for solving those problems, particularly within
the context of various authentication frameworks.
As it turns out, ISMS doesn't need to worry about this class of problems
because the approach we chose uses SSH, which provides both authentication
and a protected channel in an integrated manner. Now, if SSH for some
reason wanted to make use of a protected channel provided by TLS or, more
likely, IPsec, then it would need to worry about this class of problems,
and the solutions might well involve exposing new interfaces to ISMS and
other applications built on SSH. But for the moment, that's not really an
issue.
-- Jeff