Re: [SECMECH] Framework Bindings Vs. Mechanism Bridges

Bernard Aboba <aboba@internaut.com> Thu, 25 August 2005 15:06 UTC

Date: Wed, 24 Aug 2005 22:44:22 -0700
From: Bernard Aboba <aboba@internaut.com>
To: Nicolas Williams <Nicolas.Williams@sun.com>
Subject: Re: [SECMECH] Framework Bindings Vs. Mechanism Bridges
Cc: secmech@ietf.org

> So, there could (should?) be a standard framework for transporting key
> material from the EAP server to the NAS, yes?  Is this covered in the
> EAP key management I-D?  Or does every EAP method have to provide its
> own EAP-server-->NAS key transport protocol?

The mechanisms for transporting EAP keying material from the AAA server to
the NAS are described in RFC 4072 (Diameter EAP) and RFC 2548.
The former is a Proposed Standard; the latter describes RADIUS VSAs that
are in widespread usage.  These mechanisms are independent of the EAP
method.

The principle of method independence (and other EAP key management
issues) are described in the EAP Key Management Framework document.
