Issue with the draft EAP Key Management framework: No name for the "top EAP keying material"

From: Florent Bersani (florent.bersani
Date: Tue, 16 Dec 2003 02:09:26 -0600 (CST)
Description of issue: No name for the "top EAP keying material"
Submitter name: Florent Bersani
Submitter email address: florent.bersani [at] francetelecom.com
Date first submitted: 12/16/2003
Document: Document Requiring change: Keying Framework
Comment type: 'E'
Priority: '2'
Section: 2.2
Rationale/Explanation of issue:
Although the EAP hierarchy is very clearly described in section 2.2, I experienced some difficulty presenting it to colleagues for a trivial reason: the top EAP key (i.e. the one that is somehow involved in the MK derivation, e.g. Ki in the EAP-SIM method, or the private keys associated with the digital certificates used within EAP-TLS) does not appear to have a name. Things would become easier if there were standard terminology.
Requested change:
Proposed changes to the document.
Add to section 2.2 at the beginning of the different key types enumerations:
EAP Permanent Key (PK):
To perform authentication and key exchange, an EAP method uses a permanent secret. This secret MAY belong either to the symmetric cryptography or asymmetric cryptography category.
Add to Figure 2: "(PK)" near the text "EAP method" in the top left corner of the figure; "(MK)" in the box labeled "EAP Method Key Derivation"
Add to Figure 3: "PK," before "(MSK,TEKs)"
Add to Figure 4: "PK," before "(MSK,TEKs)"
Add to appendix B:
"Pre-master secret": created or exchanged thanks to the PK which are digital certificates in the case of TLS
[This wording "created or exchanged" is meant to encompass all the TLS possibilities: RSA, DH, ...]
[In general, I don't like my wording very much, but issue submitters have to propose solutions to their issues, don't they ;-)?]