Alan DeKok [mailto:[email protected]] writes:

> Glen Zorn wrote:
> > Alan DeKok [mailto:[email protected]] writes:
> >>   This proxying violates the privacy requirements.
> >
> > What privacy requirements are those?
> 
>   The requirement to keep authentication credentials private, which is
> one of the reasons for choosing a TLS-based method in the first place.

Are you confused?  We're talking about being able to authenticate the
visited network, not tunnel method requirements...

> 
> >>   Unless I'm missing something, that would require standards action,
> >> as there is no document describing TLS inside of TTLS.
> >
> > EAP-TTLS provides for the transport of EAP inside the TLS tunnel.
> 
>   Is there a document describing that?  Will implementations be
> interoperable without a document?  What security and privacy issues are
> there with doing that?

RFC 5281.

> 
> >> There is no
> >> document describing how the client could perform the certificate checks
> >> against the local network information, so that would require standards
> >> action, too.
> >
> > Why?  I thought that we were talking about commercial entities here:
> > certainly roaming consortia can specify how they want to take care of
> > internal matters...
> 
>   Roaming was just one example.  Even with roaming, there are multiple
> roaming consortia, for multiple purposes.  Standardizing a
> cross-consortia method for channel bindings would appear to be useful to
> the wider Internet Community, and well within the scope of the IETF.

How does this affect the fact that the stated goal is making sure that the
network to which the client is attached is the one that was advertised?

> 
>   Alan DeKok.


_______________________________________________
Emu mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/emu
