[Emu] Channel binding (Re: Chennal binding)
Lakshminath Dondeti <ldondeti@qualcomm.com> Wed, 22 August 2007 16:38 UTC
Return-path: <emu-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1INtEF-0004UY-HW; Wed, 22 Aug 2007 12:38:47 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1INtEE-0004US-3b for emu@ietf.org; Wed, 22 Aug 2007 12:38:46 -0400
Received: from ithilien.qualcomm.com ([129.46.51.59]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1INtED-0005cl-Kd for emu@ietf.org; Wed, 22 Aug 2007 12:38:46 -0400
Received: from neophyte.qualcomm.com (neophyte.qualcomm.com [129.46.61.149]) by ithilien.qualcomm.com (8.13.6/8.12.5/1.0) with ESMTP id l7MGcf0I007636 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Wed, 22 Aug 2007 09:38:42 -0700
Received: from [129.46.78.94] (ldondeti.na.qualcomm.com [129.46.78.94]) by neophyte.qualcomm.com (8.13.6/8.13.6/1.0) with ESMTP id l7MGcf7h019128 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 22 Aug 2007 09:38:41 -0700
Message-ID: <46CC6691.2010409@qualcomm.com>
Date: Wed, 22 Aug 2007 09:38:41 -0700
From: Lakshminath Dondeti <ldondeti@qualcomm.com>
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: Sam Hartman <hartmans-ietf@mit.edu>
References: <AC1CFD94F59A264488DC2BEC3E890DE5044ECE60@xmb-sjc-225.amer.cisco.com> <tslmywku5d0.fsf@mit.edu> <46CBBDC3.50300@deployingradius.com> <46CBBF61.8070207@qualcomm.com> <tsld4xfokmi.fsf_-_@mit.edu>
In-Reply-To: <tsld4xfokmi.fsf_-_@mit.edu>
Content-Type: text/plain; charset="ISO-8859-15"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: e1e48a527f609d1be2bc8d8a70eb76cb
Cc: emu@ietf.org
Subject: [Emu] Channel binding (Re: Chennal binding)
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/emu>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
Errors-To: emu-bounces@ietf.org
Sam, We discussed channel binding before the publication of 4962 (I was reminded recently that draft-housley-aaa-key-mgmt is now a published document :) ) and concluded (I think) that the language in 4962 should just mirror the language of 3748. I think that is what 4962 in fact does: "As described in RFC 3748 in Section 7.15, channel binding is required to enable the peer to verify that the authenticator claim of identity is both consistent and correct." As to what needs to be done for channel binding, I would echo what Bernard said recently "With respect to Channel Bindings, it should be understood that no proposals for this have ever been implemented, as far as I am aware. So a first step would be for a method to choose one of the approaches to Channel Bindings and support it (probably as an experimental extension), and then to evaluate the experiment so we can understand how well (or badly) the chosen approach works. At that point we might be ready to support Channel Bindings in other methods. " best regards, Lakshminath On 8/22/2007 4:48 AM, Sam Hartman wrote: >>>>>> "Lakshminath" == Lakshminath Dondeti <ldondeti@qualcomm.com> writes: > > Lakshminath> I would like to see the crypto-binding stuff (not > Lakshminath> compound binding -- as others have noted, we don't > Lakshminath> have consensus on that topic) and extensibility (how > Lakshminath> to add new attributes) specified. > > > I'd really appreciate it if someone would think hard about the > interactions of draft-housley-aaa-key-mgmt and channel binding. I'd > like to understand whether we can meet all the requirements of that > BCP without channel binding and if not, what we need to do about it. > > _______________________________________________ Emu mailing list Emu@ietf.org https://www1.ietf.org/mailman/listinfo/emu
- [Emu] Crypto-binding in TTLS-v0 Lakshminath Dondeti
- AW: [Emu] Crypto-binding in TTLS-v0 Tschofenig, Hannes
- RE: [Emu] Crypto-binding in TTLS-v0 Stephen Hanna
- RE: AW: [Emu] Crypto-binding in TTLS-v0 Bernard Aboba
- Re: AW: [Emu] Crypto-binding in TTLS-v0 Hannes Tschofenig
- Re: [Emu] Crypto-binding in TTLS-v0 Alan DeKok
- RE: [Emu] Crypto-binding in TTLS-v0 Ryan Hurst
- Re: [Emu] Crypto-binding in TTLS-v0 Lakshminath Dondeti
- RE: [Emu] Crypto-binding in TTLS-v0 Glen Zorn (gwz)
- Re: AW: [Emu] Crypto-binding in TTLS-v0 Bernard Aboba
- RE: [Emu] Crypto-binding in TTLS-v0 Bernard Aboba
- RE: [Emu] Crypto-binding in TTLS-v0 David B. Nelson
- RE: [Emu] Crypto-binding in TTLS-v0 Joseph Salowey (jsalowey)
- RE: [Emu] Crypto-binding in TTLS-v0 Joseph Salowey (jsalowey)
- RE: [Emu] Crypto-binding in TTLS-v0 Stephen Hanna
- RE: [Emu] Crypto-binding in TTLS-v0 Stephen Hanna
- RE: [Emu] Crypto-binding in TTLS-v0 Matthew Gast
- RE: [Emu] Crypto-binding in TTLS-v0 Nancy Winget (ncamwing)
- [Emu] Channel binding (Re: Chennal binding) Lakshminath Dondeti
- RE: [Emu] Crypto-binding in TTLS-v0 Ryan Hurst
- Re: [Emu] Crypto-binding in TTLS-v0 Alan DeKok
- RE: [Emu] Crypto-binding in TTLS-v0 Nancy Winget (ncamwing)
- RE: [Emu] Crypto-binding in TTLS-v0 Nancy Winget (ncamwing)
- RE: [Emu] Crypto-binding in TTLS-v0 Nancy Winget (ncamwing)
- RE: [Emu] Crypto-binding in TTLS-v0 Nancy Winget (ncamwing)
- Re: [Emu] Crypto-binding in TTLS-v0 Alan DeKok
- RE: [Emu] Crypto-binding in TTLS-v0 Gene Chang (genchang)
- Re: [Emu] Crypto-binding in TTLS-v0 Hannes Tschofenig
- Re: [Emu] Crypto-binding in TTLS-v0 Alan DeKok
- RE: [Emu] Crypto-binding in TTLS-v0 david@mitton.com
- RE: [Emu] Crypto-binding in TTLS-v0 Gene Chang (genchang)
- Re: [Emu] Crypto-binding in TTLS-v0 Alan DeKok
- RE: [Emu] focus on deployed protocols Bernard Aboba
- RE: [Emu] Crypto-binding in TTLS-v0 Gene Chang (genchang)
- Re: [Emu] Crypto-binding in TTLS-v0 Alan DeKok
- RE: [Emu] Crypto-binding in TTLS-v0 Hao Zhou (hzhou)
- Re: [Emu] Crypto-binding in TTLS-v0 Jouni Malinen
- Re: [Emu] Crypto-binding in TTLS-v0 Sam Hartman
- Re: [Emu] Crypto-binding in TTLS-v0 Alan DeKok
- Re: [Emu] Crypto-binding in TTLS-v0 Lakshminath Dondeti
- RE: [Emu] Crypto-binding in TTLS-v0 Hao Zhou (hzhou)
- Re: [Emu] Crypto-binding in TTLS-v0 Lakshminath Dondeti
- Re: [Emu] Crypto-binding in TTLS-v0 Alan DeKok
- Re: [Emu] Crypto-binding in TTLS-v0 Sam Hartman
- [Emu] Chennal binding Sam Hartman
- RE: [Emu] Crypto-binding in TTLS-v0 Gene Chang (genchang)
- Re: [Emu] Crypto-binding in TTLS-v0 Alan DeKok
- Re: [Emu] Crypto-binding in TTLS-v0 Alan DeKok
- RE: [Emu] Crypto-binding in TTLS-v0 Gene Chang (genchang)
- Re: [Emu] Crypto-binding in TTLS-v0 Alan DeKok
- Re: [Emu] Crypto-binding in TTLS-v0 Sam Hartman
- Re: [Emu] Crypto-binding in TTLS-v0 Sam Hartman
- Re: [Emu] Crypto-binding in TTLS-v0 Alan DeKok
- Re: [Emu] Crypto-binding in TTLS-v0 Alan DeKok
- Re: [Emu] Crypto-binding in TTLS-v0 Sam Hartman