Archive

Re: [SECMECH] Framework Bindings Vs. Mechanism Bridges

Charles Clancy <clancy@cs.umd.edu> Wed, 24 August 2005 17:50 UTC

Date: Wed, 24 Aug 2005 13:45:19 -0400 (EDT)
From: Charles Clancy <clancy@cs.umd.edu>
To: Ali Fessi <ali.fessi@uni-tuebingen.de>
Subject: Re: [SECMECH] Framework Bindings Vs. Mechanism Bridges
In-Reply-To: <430CA545.3020109@uni-tuebingen.de>
Message-ID: <Pine.GSO.4.60.0508241335240.11596@ismene>
References: <Pine.GSO.4.60.0508191330380.16954@ismene> <20050819210308.GI6659@binky.Central.Sun.COM> <20050820031035.GA5352@isc.upenn.edu> <43074F76.8000604@cs.umd.edu> <20050822044255.GC27685@isc.upenn.edu> <Pine.GSO.4.60.0508220801430.1114@ismene> <35850EE42DFD2824F0DDBBC8@cumulus> <Pine.GSO.4.60.0508221008260.1174@ismene> <1DCACCAC04655B3AFE9733A8@cumulus> <Pine.GSO.4.60.0508221047001.1307@ismene> <20050822154044.GE7789@binky.Central.Sun.COM> <430CA545.3020109@uni-tuebingen.de>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: secmech@ietf.org, Bernard Aboba <aboba@internaut.com>
Precedence: list
Sender: secmech-bounces@lists.ietf.org
Errors-To: secmech-bounces@lists.ietf.org

On Wed, 24 Aug 2005, Ali Fessi wrote:

> - What is the benefit of having a TGT as a result of the authentication 
> for EAP?!! With native Kerberos, the TGT is used to get a service ticket 
> from the TGS to access kerberized services. What would be here the 
> kerberized service?! is it just the "network access"?! or is anyone 
> planning to realize different kerberized services at layer 2? Is this a 
> new requirement for 802.11?

Not only would it allow you to obtain a TGT, it would also allow you to 
use an existing TGT to get a "service ticket" for network access.  This is 
probably the less-likely scenario though, since talking to a KDC requires 
network access in the first place.

Consider the case of Win32 AFS on a laptop.  You sign onto the wireless 
network, and you can get a service ticket for AFS without having to 
reauthenticate to the KDC.

Another interesting idea would be to treat each 802.11i AP as a service, 
and you could obtain service tickets for them as you roam.

> - Would PKINIT really be an advantage for EAP?! The point with PKINIT is 
> that it supports authentication of the client with public key 
> cryptography. But isn't this already covered by EAP-TLS?

Well it gets you a TGT.  As long as you think getting a TGT is a good 
idea, then PKINIT would seem useful.

[ t. charles clancy ]--[ tcc@umd.edu ]--[ www.cs.umd.edu/~clancy ]
[ computer science ]-----[ university of maryland | college park ]

_______________________________________________
SECMECH mailing list
SECMECH@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/secmech

[SECMECH] Framework Bindings Vs. Mechanism Bridges Salowey, Joe
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Charles Clancy
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Nicolas Williams
RE: [SECMECH] Framework Bindings Vs. Mechanism Br… Salowey, Joe
RE: [SECMECH] Framework Bindings Vs. Mechanism Br… Salowey, Joe
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Nicolas Williams
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Nicolas Williams
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Nicolas Williams
RE: [SECMECH] Framework Bindings Vs. Mechanism Br… Charles Clancy
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Nicolas Williams
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Shumon Huque
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Nicolas Williams
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Charles Clancy
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Shumon Huque
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Shumon Huque
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Charles Clancy
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Josh Howlett
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Charles Clancy
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Josh Howlett
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Charles Clancy
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Josh Howlett
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Shumon Huque
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Nicolas Williams
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Nicolas Williams
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Nicolas Williams
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Ali Fessi
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Charles Clancy
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Nicolas Williams
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Bernard Aboba
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Bernard Aboba
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Nicolas Williams
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Josh Howlett
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Bernard Aboba
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Bernard Aboba
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Charles Clancy
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Charles Clancy
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Bernard Aboba
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Bernard Aboba
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Nicolas Williams
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Nicolas Williams
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Jari Arkko
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Jari Arkko
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Jari Arkko
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Bernard Aboba
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Bernard Aboba
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Shumon Huque
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Josh Howlett
RE: [SECMECH] Framework Bindings Vs. Mechanism Br… Salowey, Joe
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Nicolas Williams
RE: [SECMECH] Framework Bindings Vs. Mechanism Br… Bernard Aboba
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Shumon Huque
RE: [SECMECH] Framework Bindings Vs. Mechanism Br… Josh Howlett
RE: [SECMECH] Framework Bindings Vs. Mechanism Br… Charles Clancy
RE: [SECMECH] Framework Bindings Vs. Mechanism Br… Salowey, Joe
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Bernard Aboba
RE: [SECMECH] Framework Bindings Vs. Mechanism Br… Bernard Aboba
RE: [SECMECH] Framework Bindings Vs. Mechanism Br… Bernard Aboba
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Nicolas Williams
RE: [SECMECH] Framework Bindings Vs. Mechanism Br… Salowey, Joe
RE: [SECMECH] Framework Bindings Vs. Mechanism Br… Charles Clancy
RE: [SECMECH] Framework Bindings Vs. Mechanism Br… Bernard Aboba
RE: [SECMECH] Framework Bindings Vs. Mechanism Br… Charles Clancy
RE: [SECMECH] Framework Bindings Vs. Mechanism Br… Bernard Aboba
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Clint Chaplin
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… 1und1
Re: [SECMECH] Framework Bindings Vs. Mechanism Br… Charles Clancy