Doesn't RFC 4962 mandate that channel binding has to be provided by an EAP method? At least it gets mentioned every time in discussions about new EAP methods.

As far as I can tell, there is no channel binding requirement in RFC 4962. RFC 4017 lists Channel Binding as optional. During EAP WG review, the argument against recommending (or requiring) Channel Bindings was that there were several models for Channel Bindings, but none had been standardized; implementation experience was also limited (or non-existent). So the argument was that we could not mandate or recommend support for something that unproven.

The market does not seem to be excited about a number of aspects. On the other hand we write documents and mandate things that do not seem to have any chance for deployment.

It's one thing to mandate something that is doable, but which people may not choose to deploy. It's another thing to mandate something which we don't know how to do.

A good first step might be to specify channel binding support as an optional feature in at least one method, and get an implementation to test. Then at least we'd have some experience for further discussion.



_______________________________________________
Emu mailing list
Emu@ietf.org
https://www1.ietf.org/mailman/listinfo/emu
