Subject: Proposed Resolution to Issue 185: Key Framework Review
From: Bernard Aboba (aboba
Date: Tue, 28 Oct 2003 21:37:09 -0600 (CST)
The text of Issue 185 is enclosed below. The proposed fix is as follows:

In Section 1.2, change:

"AAA-Key
A key derived by the EAP peer and EAP server and transported to the authenticator. In 802.11 terminology, the first 32 octets of the AAA-Key is known as the Pairwise Master Key (PMK)."

To:

"AAA-Key
A key derived by the EAP peer and EAP server and transported to the authenticator. In IEEE 802.11 terminology, the first 32 octets of the AAA-Key is known as the Pairwise Master Key (PMK)."

In Section 1.3.3, change:

"[2] Generation of fresh transient session keys. This is typically"

To:

"[2] Generation of fresh transient session keys (TSKs). This is typically"

In Section 1.4, change:

"Within EAP, "fast handoff" is defined as a conversation in which the EAP exchange (phase 1a) and associated AAA passthrough is bypassed, so as to reduce latency. Depending on the fast handoff mechanism, AAA-Key transport (phase 1b) may also be bypassed in favor a context transfer (see [IEEE80211f] and [I-D.aboba-802-context]) or it may be provided in a pre-emptive manner as in [IEEE-03-084] and [I-D.irtf-aaaarch-handoff]."

To:

"Within EAP, "fast handoff" is defined as a conversation in which the EAP exchange (phase 1a) and associated AAA passthrough is bypassed, so as to reduce latency. Depending on the fast handoff mechanism, AAA-Key transport (phase 1b) may also be bypassed or it may be provided in a pre-emptive manner as in [IEEE-03-084] and [I-D.irtf-aaaarch-handoff]."

In Section 1.4.1, change:

"Similarly, in a network where access is restricted based on the day and time, SSID, Calling-Station-Id or other factors, unless the"

To:

"Similarly, in a network where access is restricted based on the day and time, Service Set Identifier (SSID), Calling-Station-Id or other factors, unless the"

In Section 2.2, change:

"Master Session Key (MSK)
Keying material (at least 64 octets) that is derived between the EAP client and server and exported by the EAP method."

To:

"Master Session Key (MSK)
Keying material that is derived between the EAP peer and server and exported by the EAP method. The MSK is at least 64 octets in length. In existing implementations a AAA server acting as an EAP server transports the MSK to the authenticator.

Extended Master Session Key (EMSK)
Additional keying material derived between the EAP client and server that is exported by the EAP method. The EMSK is at least 64 octets in length. The EMSK is reserved for future uses that are not defined yet and is not provided to a third party."

Delete the existing definition of the EMSK.

Change:

"Initialization Vector (IV)
A quantity of at least 64 octets, suitable for use in an initialization vector field, that is derived between the EAP client and server. Since the IV is a known value in methods such as EAP-TLS [RFC2716], it cannot be used by itself for computation of any quantity that needs to remain secret. As a result, its use has been deprecated and EAP methods are not required to generate it."

To:

"Initialization Vector (IV)
A quantity of at least 64 octets, suitable for use in an initialization vector field, that is derived between the EAP client and server. Since the IV is a known value in methods such as EAP-TLS [RFC2716], it cannot be used by itself for computation of any quantity that needs to remain secret. As a result, its use has been deprecated and EAP methods are not required to generate it. However, when it is generated it MUST be unpredictable."

In Section 2.3, Figure 3, delete ", TEK Deriv." from the figure.
-------------------------------------------------------
Issue 185: Key Framework Review
Submitter name: Russ Housley
Submitter email address: housley [at] vigilsec.com
Date first submitted: October 15, 2003
Reference: http://www.drizzle.com/~aboba/EAP/draft-ietf-eap-keying-00-comment.txt
Document: Keying Framework-00
Comment type: T
Priority: S
Section: Various
Rationale/Explanation of issue:
Here is my review of the Key Framework document: http://www.drizzle.com/~aboba/EAP/draft-ietf-eap-keying-00-comment.txt