Re: [abfab] Gen-ART review of draft-ietf-abfab-eapapplicability-03

Sam Hartman <hartmans@painless-security.com> Tue, 18 June 2013 18:39 UTC

From: Sam Hartman <hartmans@painless-security.com>
To: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>
Date: Tue, 18 Jun 2013 14:39:05 -0400
Cc: "abfab@ietf.org" <abfab@ietf.org>, "Black, David" <david.black@emc.com>, General Area Review Team <gen-art@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>

Joe, eap-lower-layer is not required for application authentication if
there's some other attribute that's specific to the lower layer.  For
example, Moonshot sends gss-acceptor-service-name but does not currently
send eap-lower-layer, and doing that seems consistent with the
requirements of the channel binding spec.

Adding a requirement for eap-lower-layer all the time would be new, but
might be reasonable.

--Sam