Hi.
One of EMU's goals is to produce methods that meet requirements of RFC 4962 and hopefully the EAP keying framework. I've been a bit concerned about what you are going to do about channel bindings. It seems clear that EAP channel bindings are not mature enough that we want to require all your methods support them--especially not the EAP TLS draft that is on my plate now.

However, channel bindings seem important for meeting the RFC 4962 requirements to authenticate all parties and limit the key scope.

So, how do we proceed? I was discussing the issue with Tim, Russ and Jari. They had what I think is good advice.

I'm going to ask that you show that it would be possible to extend any method you send to me to support channel bindings in an interoperable manner in the future. I would want to understand that it is possible to make it work with old clients or old EAP servers. Once I'm convinced it is possible to add in the future, I will be OK on the channel bindings issue.

Does this seem reasonable?

Sam Hartman
Security Area Director