Hi Sam,

This does sound reasonable. Some questions for the group to solidify what it means to support channel bindings:

1) Is encryption required or is integrity protection enough? In my opinion integrity protection should be sufficient since channel bindings communicate parameters that are visible from the lower layer.

2) Should EAP channel bindings be sent from the peer to server, server to peer, or both? It seems that it would be more deployable to support peer to server. It probably would be desirable to support both.

3) How much data is necessary to carry? Would 100 - 200 bytes be sufficient?

Thanks,

Joe

> -----Original Message-----
> From: Sam Hartman [mailto:[EMAIL PROTECTED]
> Sent: Friday, September 14, 2007 5:55 AM
> To: emu@ietf.org
> Subject: [Emu] Proposed way forward: emu and channel bindings
>
> Hi.
>
> One of EMU's goals is to produce methods that meet requirements of RFC
> 4962 and hopefully the EAP keying framework.
>
> I've been a bit concerned about what you are going to do
> about channel bindings. It seems clear that EAP channel
> bindings are not mature enough that we want to require all
> your methods support them--especially not the EAP TLS draft
> that is on my plate now.
> However, channel bindings seem important for meeting the RFC
> 4962 requirements to authenticate all parties and limit the key scope.
>
> So, how do we proceed?
> I was discussing the issue with Tim, Russ and Jari.
> They had what I think is good advice.
>
> I'm going to ask that you show that it would be possible to
> extend any method you send to me to support channel bindings
> in an interoperable manner in the future. I would want to
> understand that it is possible to make it work with old
> clients or old EAP servers. Once I'm convinced it is
> possible to add in the future, I will be OK on the channel
> bindings issue.
>
> Does this seem reasonable?
>
> Sam Hartman
> Security Area Director
>
> _______________________________________________
> Emu mailing list
> Emu@ietf.org
> https://www1.ietf.org/mailman/listinfo/emu