Hi, Hannes,
> >
> I personally believe that you will not get the necessary support
> from the EMU working group to get the charter changed and the group
> interested in IBE.
> I can tell you that I will not spend my time on it.
>
> My reasons for being less excited are:
> * Identity based cr
Hi, Hannes
>
> Regarding the revocation issue: If the client’s credentials get
> revoked then he must not be able to successfully authenticate to the
> AAA server anymore. Done. I don’t see how this can get any easier
> regardless of the authentication protocol.
on revocation issue,
Traditi
Hi, Sam
I have the following questions concerning your new draft on mutual crypto
binding
1. "What name types are supported and what configuration is easy to perform
depends significantly on the peer in question."
The issue comes when human beings are involved to verify a certificate, but
if the
In Section 2 draft-hartman-emu-mutual-crypto-bind-00,
"The print server offers a tunnel method towards the peer. The print
server extracts the inner method from the tunnel and sends it on
towards the AAA server. Channel binding happens at the tunnel method
though. So, the print server is
Hi, all
In section 9.1, “One attractive implementation strategy for channel
binding is to add
channel binding support to a tunnel method which can tunnel an inner
EAP authentication.” was expected to introduce implementing channel
binding on a tunnel,
but suddenly turned to cryptograp
Sam Hartman wrote on 2012-05-16 20:26:40:
>
> The explicit structure of
> that paragraph was called out for WG review prior to IETF last call;
> also that structure was present in IETF last call. I do not wish to
> wait to reach consensus on general comments about pros/cons of
> implementing channel
Regards~~~
-Sujing Zhou
Sam Hartman wrote on 2012-05-17 20:46:55:
> >>>>> "zhou" == zhou sujing writes:
>
>
> zhou> If there is another key available, it will be great, EMSK? It
> zhou> has been suggested for cryptographic binding.
>
>
emu-boun...@ietf.org wrote on 2012-05-19 06:10:19:
> The last paragraph of section 9.1 points out a security problem
> with implementing channel bindings using EAP tunnel methods. If
> the EAP tunnel method terminates on the authenticator, the channel
> bindings can easily be defeated by the authenticat
I found 3 references that may be helpful:
1. http://tools.ietf.org/html/draft-ohba-eap-channel-binding-02
[EAP-CHANNEL] Ohba, Y., Parthasrathy, M., and M. Yanagiya, "Channel
Binding Mechanism Based on Parameter Binding in Key
Derivation",
In this approach the
Section 1
"The other type of PT, PT-TLS [I-D.ietf-nea-pt-tls], operates before the
endpoint gains
any access to the IP network. "
==> should be "after the endpoint has gained access to the IP network"
"PT-EAP is an inner EAP [RFC3748] method designed to be used under a
protected tunnel suc
> On Jun 6, 2012, at 12:09 PM, Sam Hartman wrote:
>
> > I don't believe that existing crypto binding is adequate for NEA's needs
> > as discussed in draft-hartman-emu-mutual-crypto-binding.
> >
> > Unfortunately, though, I'm not sure that tls-unique helps enough here. If
> > the outer method ac
Regards~~~
-Sujing Zhou
Sam Hartman wrote on 2012-06-29 02:06:00:
> >>>>> "zhou" == zhou sujing writes:
>
> zhou> To my understanding, right prior to finishing tunnel
> zhou> establishment, EAP peer
> zhou> and EAP Server(print server in t
How does EMSK break intermediate AAA servers?
Regards~~~
-Sujing Zhou
emu-boun...@ietf.org wrote on 2012-06-29 02:25:44:
> > "Hao" == Hao Zhou writes:
>
> Hao> Sam:
> Hao> This is a well thought and well written draft, it covers a
> Hao> lot of background
> Hao> and aspect of the attack
Regards~~~
-Sujing Zhou
"Zhangdacheng (Dacheng)" wrote on 2012-07-03 11:41:49:
> I think you try to ask why EMSK can be used to detect the attackers
> who try to impersonate other honest servers.
>
> Unlike MSK, EMSK will never be transported over the network and then
> cannot be accessed by attac
Regards~~~
-Sujing Zhou
"Hao Zhou (hzhou)" wrote on 2012-07-10 00:33:21:
> We are talking about the case of separation of outer EAP method and
> inner method (intermediate AAA terminates the EAP tunnel and has a
> separate AAA server for the inner method). Since EMSK from the inner
> method never
Hi, Nancy,
"Nancy Cam-Winget (ncamwing)" wrote on 2012-07-15 11:34:55:
>
> "Finally, it describes how the tls-unique channel binding [RFC5929]
> may be used to PA-TNC exchanges
> to the EAP tunnel method, defeating MITM attacks such as the
> Asokan attack [Asokan]."
> ==>
The sentence is e