Re: [Emu] Comments on draft-hartman-emu-mutual-crypto-bind

Sun, 25 Mar 2012 05:20:21 -0700 

>>>>> "Jim" == Jim Schaad <i...@augustcellars.com> writes:


    Jim> 3.  3.2.3 or 3.2.2 - If you had a non EAP method, and it
    Jim> derived a key (just like a good EAP method).  Is there any
    Jim> reason why you could not do the cryptographic binding?  Other
    Jim> than it is not currently defined in one of the current
    Jim> tunneling methods.  One could see that it could be defined as
    Jim> saying after you do this, then perform the same binding as any
    Jim> key deriving EAP method would do,.

I guess.  I don't know that key expert is really defined for the non-EAP
inners in a well-defined manner.  But yes, I think something like this
would be a good idea, although I'm not sure it is practical when
compared to just forcing EAP inner methods.

    Jim> 4.  Section 3.2.4 - Item #4 - did you mean that it MUST prevent
    Jim> an attacker from downgrading the binding from mutual to just
    Jim> MSK-based?  Also if the down grade occurs, do you still want to
    Jim> claim that it is still mutual if step 4 is downgraded?  The
    Jim> current text implies this to me and that seems wrong.

I'd love to discuss this with you in person if you're available.

    Jim> 5.  Section 3.2.4 - last paragraph - the last sentence confuses
    Jim> the heck out of me.

And everyone else; it's wrong:-)
Will propose fixes to this and other comments.

    Jim> 6. Section 4.2 - I don't understand why things like doing
    Jim> channel binding require that a mutual authentication be
    Jim> present.  I can understand a statement that the peer MUST have
    Jim> doing an adequate job of authenticating the server, but I am
    Jim> less clear why the server needs to have authenticated the
    Jim> client.  Thus for example I think that cryptographic binding
    Jim> should be sufficient to deal with these cases.  (i.e. Tunnel is
    Jim> authenticated to certificate and mutual auth is tied to the
    Jim> tunnel).

I think there's an assumption that EAP always provides peer
authentication (although sometimes to an anonymous identity, isn't
semantics fun?) so mutual auth and server auth are synonyms.

And draft-ietf-emu-chbind has required mutual auth since well before I
started working on it. I didn't re-evaluate that requirement.

    Jim> Jim


    Jim> _______________________________________________ Emu mailing
    Jim> list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu

Reply via email to