>>>>> "Hao" == Hao Zhou <hz...@cisco.com> writes:
Hao> Sam: Hao> This is a well thought and well written draft, it covers a lot of background Hao> and aspect of the attacks and mitigations. However, I have few comments: Thanks! You listed a set of drawbacks to EMSK-based crypto binding. Hao> A. Mutual crypto-binding required the use of EMSK, not all existing EAP Hao> method generate and export EMSK. It will also break intermediate AAA Hao> servers. More importantly, it would only work for an EAP method that Hao> generates keys. Part of the goal of Tunnel Method is to protect weak Hao> authentication or EAP method, this would not benefits them. These drawbacks to EMSK-based cryptographic binding are documented; thanks. Hao> D. Enforcing server policy would be another good way to go, if server can Hao> demand tunnel method only, eliminate the chance of inner method MSK being Hao> sent to the attacker. As discussed in the draft, you actually need a number of conditions beyond just that. However I agree server policy is another important mitigation, which is why the draft recommends it. Hao> 2. I am not sure "Mutual Crypto-binding" is a good term, as the existing Hao> crypto-binding is already mutually authenticating the peer and the server. Hao> Maybe more accurate to be called "Crypto-binding based on EMSK" or "Extended Hao> Crypto-binding" etc. I think of mutual cryptographic binding as crypto binding that provides defense against these sort of attacks (and personally don't consider existing cryptographic binding to really qualify as "mutual".) I think though that describing this new mechanism as EMSK-based cryptographic binding is good. We may have other mechanisms that meet the security goals of mutual cryptographic binding and it is always desirable to separate mechanism from abstraction. I've tried to start that transition in the next version of the draft. Thanks very much for pointing this out. Doubtless we'll have another round of improving terminology. Again, thanks so much for your comments. _______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu