Steve Hanna did a secdir review of draft-ietf-emu-chbind. One of the issues he raised is a privacy concern with section 8. He points out that we recommend using the user-name attribute in channel binding. The concern is that if a server checks user-name in i2 against user-name in i1, then a NAS might be able to get an EAP server to act as an oracle for privacy protected identities.
That is:

1) Peer identifies to NAS as @example.com
2) NAS thinks peer might actually be b...@example.com.
3) NAS tries that in user-name.
4) If it's not b...@example.com then channel binding fails.

He suggested documenting this issue. I'd like to take a step back and ask why you'd ever want to channel-bind user-name in the first place? I guess the theory is that your EAP method supports channel binding but does not have a well-defined concept of peer ID or support identity protection/transporting method-specific identity? My proposal is that we stop recommending channel binding to user-name rather than documenting the issues associated with doing so.

--Sam

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
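The oracle described in the message above, as an added toy model that is not part of the original post and not code from draft-ietf-emu-chbind or from any EAP/RADIUS implementation. It follows the message's usage of i1 (the identity the peer disclosed to the NAS) and i2 (the User-Name the NAS forwarded to the EAP server). The identities, the three server policies and the helper names are constructed assumptions; the point is only that the leak appears exactly when the server's pass/fail decision on User-Name depends on something the peer withheld from the NAS.

```python
# Constructed example: a misbehaving NAS probing an EAP server's channel-binding
# check on User-Name. Not code from the draft or from any real implementation.
from typing import Callable, List

# Constructed identities (assumptions for the model).
PEER_OUTER_NAI = "@example.com"          # privacy-protected identity shown to the NAS
PEER_TRUE_IDENTITY = "bob@example.com"   # learned by the EAP server only inside the method

# A policy takes (i1_username, i2_username, authenticated_identity) and returns
# whether the channel-binding check on User-Name passes.
Policy = Callable[[str, str, str], bool]


def bind_username_to_authenticated_identity(i1: str, i2: str, authenticated: str) -> bool:
    """Hypothetical policy the message warns about: the server accepts the
    NAS-supplied User-Name if it is consistent with who the peer really is,
    i.e. either the anonymous outer NAI or the identity learned in the method."""
    return i2 in (i1, authenticated)


def bind_username_to_i1_only(i1: str, i2: str, authenticated: str) -> bool:
    """Hypothetical alternative: compare i2 only with what the peer itself
    sent (i1); the real identity never influences the result."""
    return i2 == i1


def do_not_bind_username(i1: str, i2: str, authenticated: str) -> bool:
    """The message's proposal: User-Name is not channel-bound at all, so nothing
    the NAS puts there changes the outcome (other attributes would still be
    bound; this toy model omits them)."""
    return True


def nas_guesses(policy: Policy, candidates: List[str]) -> List[str]:
    """A misbehaving NAS runs one authentication per candidate, placing the
    candidate in User-Name, and records which candidates passed."""
    return [g for g in candidates if policy(PEER_OUTER_NAI, g, PEER_TRUE_IDENTITY)]


def is_oracle(policy: Policy, candidates: List[str]) -> bool:
    """The server is an oracle when the pass/fail result varies with the guess:
    that is the only way the NAS learns anything it did not already know."""
    results = {policy(PEER_OUTER_NAI, g, PEER_TRUE_IDENTITY) for g in candidates}
    return len(results) > 1


def honest_nas_passes(policy: Policy) -> bool:
    """Sanity check: an honest NAS forwards exactly the identity the peer sent."""
    return policy(PEER_OUTER_NAI, PEER_OUTER_NAI, PEER_TRUE_IDENTITY)


if __name__ == "__main__":
    candidates = ["alice@example.com", "bob@example.com", "carol@example.com"]
    for name, policy in [
        ("bind to authenticated identity", bind_username_to_authenticated_identity),
        ("bind to i1 only", bind_username_to_i1_only),
        ("do not bind User-Name", do_not_bind_username),
    ]:
        print(f"{name:32s} oracle={is_oracle(policy, candidates)} "
              f"passing guesses={nas_guesses(policy, candidates)}")
```

Run as a script, the first policy reports oracle=True and reveals bob@example.com as the one passing guess; the other two policies give the same answer for every candidate, so the NAS learns nothing beyond the outer NAI it already had.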