Over lunch, we discovered why it is that you want to require mutual authentication and channel binding all the time for gss-eap.
The reason is that we're introducing a new application into the system. Consider the following.

1) EAP is used for network access. Since that's the only application, and since mutual authentication is not important in a particular deployment for that, EAP mechanisms that do not provide mutual authentication are used.

2) A new application, such as e-mail with TLS authentication, is deployed.

3) An attacker pretends to be an access point towards a client, captures authentication credentials and then uses them to access the user's mail.

By increasing the number of possible services we've created a situation where security has been decreased. To avoid this, at most one service may permit authentication without establishing which service is involved. That service is already network access.

For that reason, I think that draft-ietf-gss-eap should be revised to be consistent with the applicability statement rather than revising the applicability statement to be more permissive.
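A toy model of the point made above, added here as an illustration rather than anything from the abfab thread or the GSS-EAP drafts: a credential proof that is not bound to the target service verifies equally well at the mail service, while one that mixes in the acceptor (service) name, as EAP channel binding does, is rejected there. The secret, nonce and service names are constructed sample values and the HMAC construction is a stand-in for a real EAP method, not the actual wire format.

```python
"""Toy channel-binding model (added example, not from the abfab thread).

Assumptions, all constructed for illustration and not the real GSS-EAP format:
- the client proves possession of a shared secret with an HMAC over a
  server-chosen nonce;
- "bound" means the acceptor/service name is mixed into the HMAC input,
  standing in for the acceptor name carried by EAP channel binding.
"""
import hashlib
import hmac
from typing import Optional

SECRET = b"constructed-shared-secret"  # constructed sample value


def make_proof(secret: bytes, nonce: bytes, service: Optional[str]) -> bytes:
    """Client side: proof of the secret, optionally bound to the service name."""
    msg = nonce if service is None else nonce + b"|" + service.encode()
    return hmac.new(secret, msg, hashlib.sha256).digest()


def verify(secret: bytes, nonce: bytes, service: Optional[str], proof: bytes) -> bool:
    """Acceptor side: recompute the proof for *this* service and compare."""
    return hmac.compare_digest(make_proof(secret, nonce, service), proof)


def replay_accepted(bound: bool) -> bool:
    """Would a proof the client produced for network access verify at the mail
    service?  The rogue access point in the scenario relays the mail server's
    challenge, so the nonce is the same on both sides; only the service name
    the client believed it was talking to differs."""
    nonce = b"constructed-nonce-0001"  # constructed sample value
    client_view = "network-access" if bound else None
    proof = make_proof(SECRET, nonce, client_view)
    mail_view = "imap/mail.example" if bound else None  # constructed name
    return verify(SECRET, nonce, mail_view, proof)


if __name__ == "__main__":
    print("unbound proof accepted by mail service:", replay_accepted(bound=False))
    print("bound proof accepted by mail service:  ", replay_accepted(bound=True))
```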
