[Emu] reference Information about channel binding and crypto binding
zhou.sujing@zte.com.cn Fri, 01 June 2012 02:12 UTC
Return-Path: <zhou.sujing@zte.com.cn>
X-Original-To: emu@ietfa.amsl.com
Delivered-To: emu@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2AB1011E80E0 for <emu@ietfa.amsl.com>; Thu, 31 May 2012 19:12:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -95.212
X-Spam-Level:
X-Spam-Status: No, score=-95.212 tagged_above=-999 required=5 tests=[AWL=2.422, BAYES_00=-2.599, HTML_MESSAGE=0.001, MIME_BASE64_TEXT=1.753, MIME_CHARSET_FARAWAY=2.45, RCVD_DOUBLE_IP_LOOSE=0.76, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dCoTx2fakaq9 for <emu@ietfa.amsl.com>; Thu, 31 May 2012 19:12:16 -0700 (PDT)
Received: from mx5.zte.com.cn (mx6.zte.com.cn [95.130.199.165]) by ietfa.amsl.com (Postfix) with ESMTP id 5B11B11E8072 for <emu@ietf.org>; Thu, 31 May 2012 19:12:15 -0700 (PDT)
Received: from [10.30.17.100] by mx5.zte.com.cn with surfront esmtp id 286201794749335; Fri, 1 Jun 2012 10:12:12 +0800 (CST)
Received: from [10.30.3.20] by [192.168.168.16] with StormMail ESMTP id 93950.1794749335; Fri, 1 Jun 2012 10:11:54 +0800 (CST)
Received: from notes_smtp.zte.com.cn ([10.30.1.239]) by mse01.zte.com.cn with ESMTP id q512C3CN059896 for <emu@ietf.org>; Fri, 1 Jun 2012 10:12:03 +0800 (GMT-8) (envelope-from zhou.sujing@zte.com.cn)
In-Reply-To: <20120525203919.12631.2129.idtracker@ietfa.amsl.com>
To: emu@ietf.org
MIME-Version: 1.0
X-Mailer: Lotus Notes Release 6.5.6 March 06, 2007
Message-ID: <OF788ADC8B.8FEFB4F6-ON48257A10.000B2792-48257A10.000C20C0@zte.com.cn>
From: zhou.sujing@zte.com.cn
Date: Fri, 01 Jun 2012 10:11:48 +0800
X-MIMETrack: Serialize by Router on notes_smtp/zte_ltd(Release 8.5.1FP4|July 25, 2010) at 2012-06-01 10:12:04, Serialize complete at 2012-06-01 10:12:04
Content-Type: multipart/alternative; boundary="=_alternative 000C20BF48257A10_="
X-MAIL: mse01.zte.com.cn q512C3CN059896
Subject: [Emu] reference Information about channel binding and crypto binding
X-BeenThere: emu@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/emu>
List-Post: <mailto:emu@ietf.org>
List-Help: <mailto:emu-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Jun 2012 02:12:17 -0000
I found 3 references may be helpful: 1. http://tools.ietf.org/html/draft-ohba-eap-channel-binding-02 [EAP-CHANNEL] Ohba, Y., Parthasrathy, M., and M. Yanagiya, "Channel Binding Mechanism Based on Parameter Binding in Key Derivation", In this approach the EAP method includes channel binding parameters in the calculation of exported EAP keying material, making it impossible for the peer and authenticator to complete the Secure Association Protocol if there is a mismatch in the channel binding parameters. However, this approach can only be applied where methods generating EAP keying material are used along with lower layers that utilize EAP keying material. For example, this mechanism would not enable verification of channel binding on wired IEEE 802 networks using [IEEE-802.1X]. It talked about technique mentioned in current channel binding. 2. in rfc 5247 section 5.3.4. Mutual Authentication Using EMSK in crypto binding was mentioned, maybe helpful in current crypto binding "Since the compound key MUST NOT be known to an attacker posing as an authenticator, and yet must be derived from EAP keying material, it MAY be desirable to derive the compound key from a portion of the EMSK. Where this is done, in order to provide proper key hygiene, it is RECOMMENDED that the compound key used for man-in-the-middle protection be cryptographically separate from other keys derived from the EMSK." 3. also in rfc 5247 TEKs are output from EAP methods and were designed to secure the channel, couldn't they be used in channel binding or crypto binding? "Transient EAP Keys (TEKs) Session keys that are used to establish a protected channel between the EAP peer and server during the EAP authentication exchange. The TEKs are appropriate for use with the ciphersuite negotiated between EAP peer and server for use in protecting the EAP conversation. The TEKs are stored locally by the EAP method and are not exported. Note that the ciphersuite used to set up the protected channel between the EAP peer and server during EAP authentication is unrelated to the ciphersuite used to subsequently protect data sent between the EAP peer and authenticator. " +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ---+ | | ^ | EAP Method | | | | | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+ | | | | | | | | | | | EAP Method Key |<->| Long-Term | | | | | Derivation | | Credential | | | | | | | | | | | | | +-+-+-+-+-+-+-+ | Local to | | | | | EAP | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Method | | | | | | | | | | | | | | | | | | | | | | | | | | | +-+-+-+-+-+-+ +-+-+-+-+-+-+ +-+-+-+-+-+-+-+ | | | | | TEK | |MSK, EMSK | |IV | | | | | |Derivation | |Derivation | |Derivation | | | | | | | | | |(Deprecated) | | | | | +-+-+-+-+-+-+ +-+-+-+-+-+-+ +-+-+-+-+-+-+-+ | | | | ^ | | | | | | | | | | V +-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+ ---+ | | | | ^ | | | | Exported | | Peer-Id(s), | channel | MSK (64+B) | IV (64B) by | | Server-Id(s), | bindings | EMSK (64+B) | (Optional) EAP | | Session-Id | & Result | | Method | V V V V V Regards~~~ -Sujing Zhou emu-bounces@ietf.org 写于 2012-05-26 04:39:19: > The IESG has approved the following document: > - 'Channel Binding Support for EAP Methods' > (draft-ietf-emu-chbind-16.txt) as Proposed Standard > > This document is the product of the EAP Method Update Working Group. > > The IESG contact persons are Sean Turner and Stephen Farrell. > > A URL of this Internet Draft is: > http://datatracker.ietf.org/doc/draft-ietf-emu-chbind/ > > > > > Technical Summary > > This document defines how to implement channel bindings for > Extensible Authentication Protocol (EAP) methods to address > the lying NAS as well as the lying provider problem. > > Working Group Summary > > This document has had extensive review in the EMU working > group. The document has clear applicability in ABFAB and > Network Access use cases. > > Document Quality > > Project Moonshot, an ABFAB implementation, is working on an > implementation of this document. > > Personnel > > Joe Salowey (jsalowey@cisco.com), EMU working group co-chair, is the > Working Group Shepherd for this document. > Sean Turner (turners@ieca.com) is the responsible AD. > > RFC Editor Note > > Two things: > > 1) s9.1: r/subvirt/subvert > > 2) Title page (xml2rfc fun on the title page): > > OLD: > > T. Clancy > Department of Electrical > Engineering and Computer Science > > NEW: > > T. Clancy > Virginia Tech > > > > _______________________________________________ > Emu mailing list > Emu@ietf.org > https://www.ietf.org/mailman/listinfo/emu >