Hi Bernard,
Bernard Aboba wrote:
Sam also suggested to add channel bindings and to address
internalization support in a proper way.
Do you mean internationalization?
Typo.
Yes. That's what I meant.
If so, I'm not quite sure what this means. RFC 4282 supports
internationalization of the NAI. Are we talking about
internationalization of error messages? For TLS-based EAP methods
this will often depend on TLS internationalization support.
Sam mentioned it in context of password based EAP methods.
With respect to Channel Bindings, it should be understood that no
proposals for this have ever been implemented, as far as I am aware.
So a first step would be for a method to choose one of the approaches
to Channel Bindings and support it (probably as an experimental
extension), and then to evaluate the experiment so we can understand
how well (or badly) the chosen approach works. At that point we might
be ready to support Channel Bindings in other methods.
Doesn't RFC 4962 mandate that channel binding has to be provided by an
EAP method. At least it gets mentioned every time in discussions about
new EAP methods.
The market does not seem to be excited about a number of aspects. One
the other hand we write documents and mandate things that do not seem to
have any chance for deployment.
Ciao
Hannes
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www1.ietf.org/mailman/listinfo/emu
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www1.ietf.org/mailman/listinfo/emu