Dear all, I have been proposing to use a stronger way of channel binding, stronger in the sense that the keys generated by EAP methods cannot be used by a non-intended authenticator even if the keys are incorrectly delivered to such an authenticator. Key mixing with KDF (such as the one described in draft-ohba-eap-channel-binding-01.txt) is one solution for such stronger channel binding but there can be other ways such as tickets used by Kerberos.
I'd like to hear opinions from this list as to whether defining a strong channel binding is not required at all even as an experimental solution. Yoshihiro Ohba _______________________________________________ Emu mailing list [email protected] https://www1.ietf.org/mailman/listinfo/emu
