session independence
From: Tschofenig Hannes (hannes.tschofenigsiemens.com)
Date: Fri, 6 Feb 2004 10:29:09 -0500 (EST)
hi all, 

i took a look at the definition of "session independence" which is described
in section 7.2.1 of eap-rfc2284bis:
"
   Session independence
             The demonstration that passive attacks (such as capture of
             the EAP conversation) or active attacks (including
             compromise of the MSK or EMSK) does not enable compromise
             of subsequent or prior MSKs or EMSKs.
"
it would be good to specify which keys should not enable compromise of
subsequent MSKs / EMSKs. which keys (AAA-Key, MSK, EMSK, EAP-SA-key,
long-term key, etc.) have you had in mind?

an example: if you have a fast reconnect then you might want to send a
protected message to derive new session keys. i simply guess here about the
desired properties of a fast resume since i think that they are not
described anywhere. if an adversary learns the EAP SA then he is also able
to learn new session keys. 

maybe it would be helpful to point to terms such as perfect forward secrecy
or to the vulnerability of a known key attack here.

i could write a short paragraph if i knew what you have in mind. 

ciao
hannes
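
Added example (not part of the original message, and not the key derivation of any EAP method): a toy model of the fast-reconnect case raised above, assuming each new MSK is derived with HMAC-SHA256 from a cached EAP SA secret and nonces sent in the clear. It shows that compromise of one MSK does not reveal another, while compromise of the SA secret reveals both earlier and later MSKs. All function names and the label string are hypothetical.

```python
import hashlib
import hmac
import secrets


def derive_msk(key: bytes, nonce_peer: bytes, nonce_server: bytes) -> bytes:
    """Assumed fast-reconnect KDF: HMAC-SHA256(key, label | nonces)."""
    msg = b"fast-reconnect MSK" + nonce_peer + nonce_server
    return hmac.new(key, msg, hashlib.sha256).digest()


def fast_reconnect(sa_secret: bytes):
    """One resumption run: returns (nonces visible on the wire, resulting MSK)."""
    nonce_peer = secrets.token_bytes(16)
    nonce_server = secrets.token_bytes(16)
    msk = derive_msk(sa_secret, nonce_peer, nonce_server)
    return (nonce_peer, nonce_server), msk


def attacker_recover(known_key: bytes, wire_nonces) -> bytes:
    """Best guess of a passive observer holding one compromised key
    plus the nonces captured from a resumption exchange."""
    return derive_msk(known_key, *wire_nonces)


def demo() -> dict:
    sa_secret = secrets.token_bytes(32)  # constructed cached EAP SA secret
    wire1, msk1 = fast_reconnect(sa_secret)
    wire2, msk2 = fast_reconnect(sa_secret)
    return {
        # Compromise of MSK 1 alone: the one-way KDF gives no path to MSK 2.
        "msk1_reveals_msk2": attacker_recover(msk1, wire2) == msk2,
        # Compromise of the SA secret: later and earlier MSKs both fall.
        "sa_reveals_msk2": attacker_recover(sa_secret, wire2) == msk2,
        "sa_reveals_msk1": attacker_recover(sa_secret, wire1) == msk1,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

In this model session independence holds against MSK compromise but not against compromise of the cached SA secret, which is why the definition needs to say which keys it covers.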
