Re: Re: [802.1] Re: 802.1X interface variable

From: Yoshihiro Ohba (yohba
Date: Mon, 12 Jan 2004 10:57:39 -0500 (EST)

On Sat, Jan 10, 2004 at 01:40:21PM -0500, John Vollbrecht wrote:
>
> I try to clarify the question below --
>
> --On Friday, January 9, 2004 1:32 PM -0800 Yoshihiro Ohba
> <yohba [at] tari.toshiba.com> wrote:
>
> >On Wed, Jan 07, 2004 at 04:01:09PM -0500, John Vollbrecht wrote:
> >>
> >>I have some question about the cases. See below -
> >>
> >>--On Friday, January 2, 2004 2:44 PM -0800 Yoshihiro Ohba
> >><yohba [at] tari.toshiba.com> wrote:
> >>
> >>> (A) One-way authentication without key derivation (e.g., MD5-Challenge)
> >>> (B) One-way authentication with key derivation
> >>> (C) Mutual authentication without key derivation
> >>> (D) Mutual authentication with key derivation
> >>>
> >>> Case A) does not provide protected method indication and thus the
> >>> authentication server cannot securely know whether the peer is
> >>> satisfied. So, defining a new AAA attribute does not provide useful
> >>> information to the pass-through authenticator.
> >>
> >>is the assumption then that if there is no key that there is no mutual
> >>authentication? Does this overload the key to mean that mutual
> >>authentication occurred? Or can I only make a decision about whether I
> >>have a key?
> >
> >I am not sure I understand the question, but there is certainly a case
> >where there is mutual authentication but there is no key (derivation),
> >which is Case C).
> >
> The question is that suppose one uses TLS host only authentication (not
> mutual). Is it possible for (master) keys to be derived at authenticator
> and peer? I think this is possible and desirable for allowing access to a
> walled garden environment. Am I wrong?
>

That case is another form of Case C). I think host only authentication
is as vulnerable to rogue NAS attack as server only authentication.
How can the host know whether it is connected to the walled garden
instead of the attacker's network without authenticating the server?

Yoshihiro Ohba