Joe Salowey said:
"[Joe] I don't think a general discussion of authorization belongs in the channel bindings document. Channel bindings is much smaller scope than the general authorization problem. Is there something about channel bindings that is unclear in the document?"

I would agree that a general discussion of authorization does not belong in the Channel Bindings document, and that Channel Bindings has much smaller scope. However, the Channel Bindings document currently does discuss the generic authorization problem - suggesting that Channel Bindings is a solution to that problem in addition to the "Lying NAS" problem. This represents a basic misunderstanding of the nature of Channel Bindings that has led to some of the confusion on the list.

The problem begins in Section 1. Rather than summarizing the nature of Channel Bindings within the Introduction, the document launches into a discussion of the "lying NAS" problem, and then, within the same section, discusses "another current limitation of EAP" which is "minimal ability to perform authorization." The document defines EAP channel bindings as the solution to both of these problems.

This is clearly wrong - EAP Channel Bindings as defined in RFC 3748 and 5247 is not a generic authorization mechanism, and the Channel Binding document should not assert that it is. In doing so, the Channel Bindings document is inconsistent with the RFC 3748 and RFC 5247 definitions of Channel Bindings.
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu