On Thu, Dec 03, 2009 at 10:18:48PM -0500, Michael Richardson wrote:
> Dan Harkins wrote:
> >     2. solves the specific problem it is aimed at poorly-- doubling of
> >        the number of messages, requiring writing and testing of new
> >        state EAP state machines that are, otherwise, unnecessary; and,
> 
> Does it double, or does it really just "n+1", which is doubling if the
> rest of the protocol has "n=1"?  I also wonder if this is really a
> sufficiently compelling reason to have two sets of code.
> 
> >     3. is insecure (unless something used nowhere today is employed: EAP
> >        channel bindings).
> 
> We can, and must solve this.

It's not just EAP channel binding that you need, but EAP cryptographic
binding.  Remember: what EAP calls "channel binding" is very different
from the meaning of "channel binding" used elsewhere (RFC5056 describes
the difference in terminology); EAP cryptographic binding is closer to
the more generic (IMO) meaning of channel binding.  (Just trying to
avoid confusion!)

Nico
-- 
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
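To make the terminology point above concrete, here is an added illustration (not code from the thread or from any EAP implementation) of the three notions being distinguished: EAP-sense "channel binding" (peer and server compare lower-layer facts such as the authenticator identity), RFC 5056 channel binding (the inner authentication commits to a unique identifier of the outer channel, in the spirit of tls-unique), and EAP cryptographic binding (keys from the outer tunnel and the inner method are mixed into a compound key that is then proven with a MAC). The PRF, the token derivation and the scenario values are constructed for the example and are not the derivations any RFC or EAP method specifies; the point is only which check fails when the inner authentication is carried over a different outer tunnel than the one the peer saw.

```python
"""Toy illustration of three 'binding' notions (added example, not RFC-conformant)."""
import hashlib
import hmac


def prf(key: bytes, label: bytes) -> bytes:
    """Stand-in PRF for an EAP method's KDF (assumption, not an RFC-defined KDF)."""
    return hmac.new(key, label, hashlib.sha256).digest()


# 1. EAP-sense "channel binding": peer and EAP server compare lower-layer
#    facts (here the authenticator/NAS identity) so an authenticator cannot
#    present itself to the peer as a different network than it claims to the server.
def eap_channel_binding_ok(nas_id_seen_by_peer: bytes, nas_id_claimed_to_server: bytes) -> bool:
    return hmac.compare_digest(nas_id_seen_by_peer, nas_id_claimed_to_server)


# 2. RFC 5056-style channel binding: the inner authentication commits to a
#    unique identifier of the outer secure channel (constructed here from the
#    outer handshake transcript, in the spirit of tls-unique).
def channel_binding_token(outer_handshake_transcript: bytes) -> bytes:
    return hashlib.sha256(b"cbt|" + outer_handshake_transcript).digest()


def inner_auth_proof(shared_secret: bytes, cbt: bytes, nonce: bytes) -> bytes:
    return hmac.new(shared_secret, b"inner|" + cbt + b"|" + nonce, hashlib.sha256).digest()


def rfc5056_binding_ok(shared_secret: bytes, cbt_at_server: bytes, nonce: bytes, proof: bytes) -> bool:
    expected = inner_auth_proof(shared_secret, cbt_at_server, nonce)
    return hmac.compare_digest(expected, proof)


# 3. EAP cryptographic binding: the outer tunnel key and the inner method's
#    exported key are mixed into a compound key; a MAC under that key over the
#    EAP transcript proves that the same party holds both keys.
def compound_mac(tunnel_key: bytes, inner_msk: bytes, transcript: bytes) -> bytes:
    imck = prf(tunnel_key, b"imck|" + inner_msk)  # constructed mixing, not a spec
    return hmac.new(imck, transcript, hashlib.sha256).digest()


def crypto_binding_ok(tunnel_key: bytes, inner_msk: bytes, transcript: bytes, mac: bytes) -> bool:
    return hmac.compare_digest(compound_mac(tunnel_key, inner_msk, transcript), mac)


def demo() -> dict:
    """Constructed scenario: an honest run, and a run where an intermediary
    terminates the peer's outer tunnel and opens a separate tunnel to the server.
    Each entry is (honest check, mismatched-tunnel check)."""
    secret = b"peer-shared-secret"              # constructed
    inner_msk = prf(secret, b"inner-msk")        # what the inner method would export
    nonce = b"\x01" * 16                         # constructed
    peer_tunnel = b"transcript: peer<->server"   # constructed outer handshake
    other_tunnel = b"transcript: other<->server" # constructed outer handshake
    peer_tunnel_key = prf(b"tunnel-master", peer_tunnel)
    other_tunnel_key = prf(b"tunnel-master", other_tunnel)
    eap_transcript = b"eap-transcript"

    # Values the honest peer produces over the tunnel it actually saw.
    honest_proof = inner_auth_proof(secret, channel_binding_token(peer_tunnel), nonce)
    honest_cmac = compound_mac(peer_tunnel_key, inner_msk, eap_transcript)

    return {
        "eap_channel_binding": (
            eap_channel_binding_ok(b"nas-1", b"nas-1"),
            eap_channel_binding_ok(b"nas-1", b"nas-2"),
        ),
        "rfc5056_channel_binding": (
            rfc5056_binding_ok(secret, channel_binding_token(peer_tunnel), nonce, honest_proof),
            rfc5056_binding_ok(secret, channel_binding_token(other_tunnel), nonce, honest_proof),
        ),
        "eap_cryptographic_binding": (
            crypto_binding_ok(peer_tunnel_key, inner_msk, eap_transcript, honest_cmac),
            crypto_binding_ok(other_tunnel_key, inner_msk, eap_transcript, honest_cmac),
        ),
    }


if __name__ == "__main__":
    for name, (honest, mismatched) in demo().items():
        print(f"{name}: honest={honest} mismatched_tunnel={mismatched}")
```

The second and third checks fail on the mismatched run for different reasons: the RFC 5056 check fails because the server derives a different outer-channel token than the one the peer committed to, while the cryptographic binding check fails because the server's tunnel key differs from the one mixed into the peer's compound key. The first check is independent of any key material and only compares what the two ends were told about the lower layer, which is why it is a different thing from either of the other two.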