After reviewing recent comments from Klaas on the list on channel bindings, there is one issue I would like to try to resolve before bringing this draft to last call.
In section 5.1, the draft defines a message i2, which is the message carrying AAA attributes from the authenticator to the server using an AAA protocol. While this message does occur in the protocol interactions, it is actually not that important in the channel binding interactions, because the server does not completely trust the authenticator and must know what is valid through some other mechanism, such as the local database defined in the draft. I think this section is a bit misleading and needs to emphasize this point.

This is further confused by the fact that in some sections the draft focuses entirely on AAA attributes to carry channel-binding information. While AAA attributes are undoubtedly important to carry, it does not appear that they should be the only type of data allowed, especially since the AAA protocol is not required to be directly involved other than to carry EAP. This is demonstrated by the "TODO" in 7.3, which suggests we need to add a way to carry the 802.11 RSN-IE. Since AAA protocols haven't needed to carry this information to date, it is not clear that adding this information to them would be helpful.

Given this, I would suggest the following modifications to the draft:

1. In sections 5.1 and 5.2, clarify the role of message i2 with respect to channel bindings.

2. In section 6.1, define channel binding data as a superset of AAA attributes. In particular, the last paragraph needs work and seems inconsistent with 7.1, which allows for the inclusion of Diameter attributes without the exclusion of other attributes.

3. Sections 7.1, 7.2 and 7.3 only recommend comparing information with what is received from the NAS, and not comparing with local information.

4. Section 8 is about AAA validation and not channel bindings; is this section necessary?

If the working group agrees with this direction I can provide text for the changes. Please send comments to the list.
Thanks,
Joe

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
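The validation logic Joe's third point argues for, as an added example written for this page (it is not code from the draft, from Joe, or from any EAP server): the EAP server decides on the channel-binding check by comparing what the peer reports against a locally provisioned database of authenticator properties, and treats the attributes the authenticator itself put in the AAA request (message i2) as advisory only, since a lying authenticator controls those. The attribute names, the database contents and the session values below are constructed for illustration; a real deployment would key the database on however it identifies the authenticator and would populate it from its own provisioning data.

```python
from dataclasses import dataclass, field

# Constructed local database: what the EAP server knows out of band about each
# authenticator it is willing to accept. This, not the AAA request, is the
# trusted reference for channel binding. Values are illustrative only.
LOCAL_NAS_DB = {
    "ap-lobby-01": {
        "NAS-IP-Address": "192.0.2.10",
        "Called-Station-Id": "CorpWiFi",
        # Hypothetical hex-encoded 802.11 RSN IE the peer should observe.
        "RSN-IE": "30140100000fac040100000fac040100000fac020c00",
    },
}


@dataclass
class CheckResult:
    accepted: bool
    mismatches: list = field(default_factory=list)  # peer vs local: fatal
    warnings: list = field(default_factory=list)    # advisory findings only


def validate_channel_binding(nas_id, peer_cb, aaa_attrs, local_db=LOCAL_NAS_DB):
    """Decide a channel-binding check for one EAP session.

    nas_id:    identity the server resolved for the authenticator
    peer_cb:   attributes the EAP peer reports having observed, carried
               inside the EAP method's protected channel
    aaa_attrs: attributes the authenticator placed in its AAA request (i2);
               untrusted, because the authenticator chose them itself
    """
    result = CheckResult(accepted=False)
    expected = local_db.get(nas_id)
    if expected is None:
        # No local knowledge of this authenticator: nothing to bind to.
        result.mismatches.append(f"unknown authenticator {nas_id!r}")
        return result

    # The deciding comparison: peer's view against local policy.
    for name, peer_value in peer_cb.items():
        if name not in expected:
            result.warnings.append(f"{name}: no local policy, not checked")
        elif expected[name] != peer_value:
            result.mismatches.append(
                f"{name}: peer saw {peer_value!r}, local policy {expected[name]!r}")

    # Attributes the policy lists but the peer did not report are noted,
    # not failed: the peer may legitimately be unable to observe them.
    for name in expected:
        if name not in peer_cb:
            result.warnings.append(f"{name}: not reported by peer")

    # i2 is compared only to surface a misbehaving authenticator; it never
    # upgrades or downgrades the decision on its own.
    for name, aaa_value in aaa_attrs.items():
        if name in expected and expected[name] != aaa_value:
            result.warnings.append(
                f"{name}: AAA request carried {aaa_value!r}, "
                f"local policy {expected[name]!r}")

    result.accepted = not result.mismatches
    return result


def demo():
    """Run three constructed sessions and return their results."""
    good_ie = LOCAL_NAS_DB["ap-lobby-01"]["RSN-IE"]
    honest = validate_channel_binding(
        "ap-lobby-01",
        {"Called-Station-Id": "CorpWiFi", "RSN-IE": good_ie},
        {"NAS-IP-Address": "192.0.2.10", "Called-Station-Id": "CorpWiFi"})
    # Rogue AP advertising a different SSID but relaying to the real NAS.
    rogue = validate_channel_binding(
        "ap-lobby-01",
        {"Called-Station-Id": "FreeWiFi", "RSN-IE": good_ie},
        {"NAS-IP-Address": "192.0.2.10", "Called-Station-Id": "CorpWiFi"})
    # Authenticator lies in i2, but the peer's view matches local policy.
    lying_i2 = validate_channel_binding(
        "ap-lobby-01",
        {"Called-Station-Id": "CorpWiFi", "RSN-IE": good_ie},
        {"NAS-IP-Address": "198.51.100.7", "Called-Station-Id": "CorpWiFi"})
    return honest, rogue, lying_i2


if __name__ == "__main__":
    for label, r in zip(("honest", "rogue", "lying_i2"), demo()):
        print(label, "accepted" if r.accepted else "rejected",
              r.mismatches, r.warnings)
```

The third session is the one Joe's point turns on: the AAA request is wrong, yet the session is still accepted because the peer's observations agree with what the server knows locally, and the discrepancy is reported for operators rather than used to decide the outcome.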