Sam Hartman <hartmans-i...@mit.edu> wrote on 2012-05-16 20:26:40:
> 
> The explicit structure of
> that paragraph was called out for WG review prior to IETF last call;
> also that structure was present in IETF last call.  I do not wish to
> wait to reach consensus on general comments about pros/cons of
> implementing channel binding with tunnel methods prior to approval of
> this document.

Well, no matter what the result is, I don't like the logic in the current
text; it is not clear, and it is easy to confuse the two bindings.

> Thus I prefer the current text.
> 
> Channel binding can happen before or after the MSK is generated, but
> effectively needs to happen after some key is generated.
> 
> I would expect that the key used for channel binding integrity would be
> cryptographically independent of the MSK.
> I've not analyzed a method where the MSK is used for channel binding but
> this is done prior to transport to the authenticator.
> That's probably safe, but it seems like a bad design strategy because it
> seems needlessly fragile.
> So, I'd be nervous about that strategy and would recommend independent
> keys for channel binding.

If there is another key available, that would be great.
EMSK? It has been suggested for cryptographic binding.



> 
> I disagree.
> I'd ask you to take a look at the slides I presented at IETF 83. I think
> they are more clear than draft-hartman-emu-mutual-crypto-binding at the
> moment, although obviously we will update that draft in the near future
> to reflect your comments and those of others.

If EMSK is used in channel binding, is cryptographic binding using EMSK still
necessary?

> 
> That would be a change to existing EAP methods in some cases.
> That sort of change is out of scope for draft-ietf-emu-chbind.
> It's true that channel binding benefits from protected success
> indications and the current draft-ietf-emu-chbind does discuss that.

If EMSK is used, then no change to existing EAP methods will be made.
That will be fine.
 
