>>>>> "Joe" == Joe Salowey <jsalo...@cisco.com> writes:

Joe> The basic reason for this is that EAP methods have a well
Joe> defined mechanism to output key material. There hasn't been a
Joe> mechanism to import data into a method, channel bindings may
Joe> change this.

OK, but I'm not sure this quite gets you the properties you want. As best I can tell:

* The server wants assurance that if an inner method is somehow lifted out of a tunneled exchange, the inner method cannot be used alone or in a different tunnel.

* The client wants assurance that it's talking to a consistent server so that you only end up having to authenticate the server at one level.

Impersonating peers to servers and impersonating servers to peers both have value to an attacker in different situations.

I think these are the properties you want (and I think the definition in RFC 3748 is a bit under-specified) and I'm not sure how what you've described gets that.

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
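As an added illustration of the two properties discussed in this message (example code, not from the thread or from any EAP specification): a toy cryptographic-binding check whose key derivation, sender labels and transcript are constructed for this example. It models the case where an inner method is relayed out of the peer's tunnel into a second tunnel held with the server, and shows that both the server's and the peer's binding checks fail.

```python
import hashlib
import hmac
import os

# Constructed illustration of cryptographic binding between a tunneled EAP
# method's outer tunnel and its inner method. Key names, labels and the
# transcript are made up for this example; this is not any RFC's exact format.

def binding_key(tunnel_key: bytes, inner_msk: bytes) -> bytes:
    """Key that depends on both the outer tunnel and the inner method's
    exported key. A party that did not terminate this tunnel, or that did
    not take part in this inner run, cannot derive it."""
    return hmac.new(tunnel_key, b"crypto-binding" + inner_msk, hashlib.sha256).digest()

def binding_mac(tunnel_key: bytes, inner_msk: bytes, sender: bytes, transcript: bytes) -> bytes:
    """MAC the inner-method transcript under the binding key; the sender label
    keeps peer->server and server->peer MACs from being replayed against each other."""
    return hmac.new(binding_key(tunnel_key, inner_msk), sender + transcript, hashlib.sha256).digest()

def verify_binding(tunnel_key, inner_msk, sender, transcript, mac) -> bool:
    return hmac.compare_digest(binding_mac(tunnel_key, inner_msk, sender, transcript), mac)

TRANSCRIPT = b"constructed inner-method transcript"

def honest_exchange() -> bool:
    """Peer and server share one tunnel and one inner run: both checks pass."""
    tunnel_key, inner_msk = os.urandom(32), os.urandom(32)
    peer_mac = binding_mac(tunnel_key, inner_msk, b"peer", TRANSCRIPT)
    server_mac = binding_mac(tunnel_key, inner_msk, b"server", TRANSCRIPT)
    return (verify_binding(tunnel_key, inner_msk, b"peer", TRANSCRIPT, peer_mac)
            and verify_binding(tunnel_key, inner_msk, b"server", TRANSCRIPT, server_mac))

def lifted_inner_method():
    """The inner method is relayed out of the peer's tunnel into a second tunnel
    that a man-in-the-middle holds with the server. The relayed inner MSK is the
    same on both ends; the tunnel keys are not. Returns
    (server_accepts_peer_mac, peer_accepts_server_mac)."""
    inner_msk = os.urandom(32)       # one inner run, seen by both peer and server
    peer_tunnel = os.urandom(32)     # peer <-> MitM tunnel key
    server_tunnel = os.urandom(32)   # MitM <-> server tunnel key
    peer_mac = binding_mac(peer_tunnel, inner_msk, b"peer", TRANSCRIPT)
    server_mac = binding_mac(server_tunnel, inner_msk, b"server", TRANSCRIPT)
    # Each side verifies against the tunnel it actually terminated.
    return (verify_binding(server_tunnel, inner_msk, b"peer", TRANSCRIPT, peer_mac),
            verify_binding(peer_tunnel, inner_msk, b"server", TRANSCRIPT, server_mac))

if __name__ == "__main__":
    print("honest exchange accepted:", honest_exchange())
    print("lifted inner method accepted (server, peer):", lifted_inner_method())
```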
Joe> The basic reason for this is that EAP methods have a well Joe> defined mechanism to output key material. There hasn't been a Joe> mechanism to import data into a method, channel bindings may Joe> change this. OK, but I'm not sure this quite gets you the properties you want. As best I can tell: * The server wants assurance that if an inner method is somehow lifted out of a tunneled exchange, the inner method cannot be used alone or in a different tunnel. * The client wants assurance that it's talking to a consistent server so that you only end up having to authenticate the server at one level. Impersonating peers to servers and impersonating servers to peers both have value to an attacker in different situations. I think these are the properties you want (And I think the definition in RFC 3748 is a bit under specified) and I'm not sure how what you've described gets that. _______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu