On Mar 1, 2013, at 7:15 AM, Sam Hartman <hartmans-i...@mit.edu> wrote:
>>>>>> "Jim" == Jim Schaad <i...@augustcellars.com> writes:
>>> There doesn't seem to be a way for a server to request channel
>>> binding. If that's true we should probably add the following:
>>> Since a server cannot indicate a desire for channel binding,
>>> clients that have
>>> channel binding data to send SHOULD include channel-binding TLV
>>> in a request-action TLV if mutual authentication (section 3.11)
>>> succeeded.
>
> Jim> If this is true - then I agree it is a flaw.
>
> Jim> I think that one could send a channel-binding TLV with no data
> Jim> to request that a client send channel binding data back. This
> Jim> should not cause any significant problems.
>
> If that's permitted then it should be explicitly documented.
>
> I think that if this is permitted, everyone who implements channel
> binding needs to be required to support this.
>
> Jim> One could then have
> Jim> Channel-binding server->peer - no data
> Jim> Channel-binding peer->server - here is my data
> Jim> Channel-binding server->peer - here is my data
>
> Again, let's document this if it is permitted.
> It's clear the spec is unclear if you and I read it differently.
>

[Joe] This is a reasonable request. We'll need to make sure there is no ambiguity in the use of the empty message. Should this be covered in RFC 6677?

> Jim> However I believe that the client can initiate this by just
> Jim> sending the channel binding TLV in the clear and not in a
> Jim> request if the client wants to initiate it.
>
> My reading is that you cannot send a channel binding outside of a
> request. This needs clarification as well if we're reading it
> differently.

[Joe] I'm not sure what you are asking here. What is meant by sending the CB TLV "in the clear and not in a request"? Do you mean a request-action TLV?

> _______________________________________________
> Emu mailing list
> Emu@ietf.org
> https://www.ietf.org/mailman/listinfo/emu