Re: EAP Key Management Framework doubt

From: Rafa Marín López (rafa
Date: Wed, 21 Jan 2004 09:27:04 -0500 (EST)
Hello Jari,
Initially, in Figure 4, the authenticator box has an MSK written on it. So I could understand which MSK is transported.... About the text... page 30:
Utilizing the AAA protocol, the authenticator and backend
authentication server mutually authenticate and derive session keys
known only to them, used to provide per-packet integrity and replay
protection, authentication and confidentiality. ---> The MSK is distributed by the backend authentication server to the authenticator
over this channel, bound to attributes constraining its usage, as
part of the AAA-Token. ----> The binding of attributes to the MSK within a
protected package is important so the authenticator receiving the
AAA-Token can determine that it has not been compromised, and that
the keying material has not been replayed, or mis-directed in some
So I think it would be better to say something like: AAA-key is carried to the authenticator and it could be the MSK (as appendix E tells)
Regards...
Jari Arkko wrote:
Rafa Marín Lopez wrote:
Figure 4 shows that MSK is placed on Authenticator but only AAA-key is transported from AAA server...? ... Furthermore the text tells MSK is transported to Authenticator... in other places AAA-key is carried... I think it would be better to say: AAA-key is carried to authenticator and it could be the MSK (as appendix E tells)... What do you think?
I'm not sure I can find the place that you find confusing. Can you point us to the location in the text where it says that the MSK is transported to the authenticator?
Or perhaps it's this text:
The MSK and EMSK are used to derive the AAA-Key and key name which are enclosed within the AAA-Token, transported to the NAS by the AAA server, and used within the secure association protocol for derivation of Transient Session Keys (TSKs) required for the negotiated ciphersuite.
This may be confusing, as the subject of transportation is not perhaps clear. How about this instead:
The MSK and EMSK are used to derive the AAA-Key and key name. AAA-Key
and key name are enclosed within the AAA-Token, which is transported to the
NAS by the AAA server, and used within the secure association protocol for
derivation of Transient Session Keys (TSKs) required for the
negotiated ciphersuite.
--Jari
--
------------------------------------------------------
Rafael Marin Lopez
Faculty of Computer Science-University of Murcia
30071 Murcia - Spain
Telf: +34968367645 e-mail: rafa [at] dif.um.es
------------------------------------------------------