RE: Summary of Key Scoping issues (fwd)
From: Joseph Salowey (jsaloweycisco.com)
Date: 5 Sep 2003 20:33:41 -0000
I'm a bit confused by the terminology, especially EAP SA and AAA-key
comments in line.

Joe

> SCOPE, ENFORCEMENT
> 
> 1. Can an EAP SA have multi-machine scope?
> 
>     Tentative answer: I would say that it can't have multi-machine
>     scope. However, I'd suggest that the way to avoid this is to
>     say so explicitly -- "The peer MUST NOT provide keys
>     produced by EAP methods to a third party." (Bernard,
>     Aug 28)
> 
>     I don't think an EAP SA can have multi-machine scope, because
>     when a symmetric key crosses machine (or even address space)
>     boundaries, it has to be considered compromised without very
>     special assumptions that are apparent to the (lower case) peer.
>     (Jesse, Aug 28)
> 

[Joe] Can you define an EAP SA?  In the case where an EAP-Server/AAA
server is involved there is an SA derived between the EAP-Peer and the
EAP-Server; is this the SA?  Keys derived from this SA are at least
distributed to one other party (this might be a sub-SA).  This is
already a multi-machine scope.  So I'm not quite sure what is meant by
EAP SA.  I think one difficulty here is that in general EAP is defined
transparent to the existence of an AAA.  When you introduce keying
security then it is hard to hide these architectural differences.

> 2. Can a peer do an EAP authentication on one port (Calling-Station-Id),
>     then move to another authenticator and do a "fast resume"
>     on another port (different Calling-Station-Id)?
> 
>     Tentative answer: This is the same problem we have been discussing
>     in other guises. When the Peer can determine that the "different"
>     ports are on the "same" machine, then this should be allowed.
>     (Jesse, Aug 28)

[Joe] Hmmm... Is authentication identical to establishing an SA, or are
they two different (but related) things?


> 3. Can a NAS with multiple Called-Station-Ids share AAA-keys
>     between ports with different Called-Station-Ids? For
>     example, can an EAP peer call in on one Called-Station-Id,
>     then call back on another one, demonstrate knowledge of the
>     AAA-Key and continue where it left off?
> 
>     Tentative answer: The problem with this is the peer cannot
>     distinguish this situation from a case where the key has been
>     compromised. While it is desirable, we need some way to bind
>     the same NAS identifier onto all of its interfaces, and then
>     find some way to securely convey this information to the peer.
>     (Jesse, Aug 28)
> 
[Joe] Can we also define what AAA Key is?  Is it a master key held by
AAA? Is it a key transmitted from AAA to AP?