This topic has been discussed before on the EAP mailing list, here
are some references:
http://lists.frascone.com/pipermail/eap/msg04381.html
http://lists.frascone.com/pipermail/eap/msg04385.html
http://lists.frascone.com/pipermail/eap/msg04366.html
and more available at:
http://lists.frascone.com/pipermail/eap/threads.html
Lakshminath
At 05:55 AM 10/5/2006, Yoshihiro Ohba wrote:
Dear all,
I have been proposing to use a stronger way of channel binding,
stronger in the sense that the keys generated by EAP methods cannot be
used by a non-intended authenticator even if the keys are incorrectly
delivered to such an authenticator. Key mixing with KDF (such as the
one described in draft-ohba-eap-channel-binding-01.txt) is one
solution for such stronger channel binding but there can be other ways
such as tickets used by Kerberos.
I'd like to hear opinions from this list as to whether defining a
strong channel binding is not required at all even as an experimental
solution.
Yoshihiro Ohba
_______________________________________________
Emu mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/emu
_______________________________________________
Emu mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/emu
