I don't believe that existing crypto binding is adequate for NEA's needs as discussed in draft-hartman-emu-mutual-crypto-binding.
Unfortunately, though, I'm not sure that tls-unique helps enough here. If the outer method actually does provide server authentication as deployed, then tls-unique is adequate. TLS-unique is preferable to crypto-binding because it allows you to determine whether you're talking about the right tunnel in the scope of the inner method--prior to doing the NEA assessment--rather than in the scope of the outer method. (Also, I'd assume this method does not generate a particularly useful key, so crypto binding is not that helpful) However, if you're depending on something other than the outer method for server authentication, then TLS-unique is not good enough.