Proposed resolution to Issue 220: Relationship between AAA-Key and MSK/EMSK
From: Bernard Aboba (abobainternaut.com)
Date: Wed, 3 Mar 2004 23:00:33 -0500 (EST)
The text of Issue 220 is enclosed below.  The proposed resolution is as
follows:

Add the following paragraph to the beginning of Appendix E:

Where a AAA-Key is generated as the result of a successful EAP
authentication, the AAA-Key is set to MSK(0,63).

--------------------------------------------------------
Issue 220: Relationship between AAA-Key and MSK/EMSK
Submitter name: Hannes Tschofenig
Submitter email address: hannes.tschofenig [at] siemens.com
Date first submitted: 2/6/2004
Reference:
http://mail.frascone.com/pipermail/public/eap/2004-February/002231.html
Document: Key Framework
Comment type: T
Priority: S
Section: Various
Rationale/Explanation of issue:

It is said that the AAA-Key is derived from the MSK and EMSK.

The eap-keying document does not specify how this key derivation is
achieved. Worse, in Section 4.2.1 the text says:

"  The AAA-Key is derived from the keying material exported by the EAP
   method (MSK and EMSK).  This derivation occurs on the AAA server.  In
   many existing protocols that use EAP, the AAA-Key and MSK are
   equivalent, but more complicated mechanisms are possible (see
   Appendix E for details).
"

Appendix E, however, does not help since it talks only about a very
special case, namely fast handoff.

We discussed this issue in one of the eap keying design team phone
conferences but it got lost somehow.

It would be more helpful to provide a proposal for AAA-Key to MSK/EMSK key
derivation.

[Joe Salowey]

I agree the definition of the AAA-Key seems incomplete; I think the
definition is any key that is used by the authenticator and supplicant
to derive keys for data traffic protection (I don't think AAA-Key is the
best name since it doesn't have to involve a AAA in the basic case).
In the case of standard 802.11 this AAA-Key is the same as the MSK.  In the
fast handoff example I believe additional AAA-Keys are pushed to
neighboring access points.  In order to provide computational
independence from the MSK they should be derived from the EMSK.

I have submitted an issue in email
http://mail.frascone.com/pipermail/eap/2004-January/002143.html (which
has not yet been assigned a number) which describes how to derive keys
from the EMSK for specific purposes.  I think Appendix E needs to be
updated as discussed in Issue 214
http://www.drizzle.com/~aboba/EAP/eapissues.html#Issue%20214.  I haven't
had time to take a detailed look at Jari's proposal.  I'm not sure why
the A-AAA-Key is needed in this derivation but it is equivalent to the
MSK.

Could you provide some more context from your discussion?  What exactly
are you deriving keys to do? In my opinion it is best to use the MSK as
in the case of 802.11 (single authenticator to supplicant).  If keys are
going to be used for other purposes, between other parties or in other
ways they should be derived from the EMSK.
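The two key relationships discussed in this thread, as an added example that is not code from the thread, the EAP keying draft or any 802.11 implementation: the proposed resolution sets AAA-Key = MSK(0,63), i.e. the first 64 octets of the MSK, and Joe's reply argues that keys for other purposes (such as the extra keys pushed to neighboring access points in the fast-handoff case) should be derived from the EMSK so that knowing the MSK gives no computational advantage. The draft does not specify an EMSK derivation; the HMAC-SHA-256 counter-mode construction below, the purpose labels and the sample MSK/EMSK values are all constructed for illustration only.

```python
import hashlib
import hmac

# RFC 3748: methods that export keys provide at least 64 octets of MSK and EMSK.
MIN_KEY_LEN = 64


def aaa_key_from_msk(msk: bytes) -> bytes:
    """AAA-Key = MSK(0,63): the first 64 octets of the MSK (proposed Appendix E text)."""
    if len(msk) < MIN_KEY_LEN:
        raise ValueError(f"MSK must be at least {MIN_KEY_LEN} octets, got {len(msk)}")
    return msk[0:MIN_KEY_LEN]


def derive_purpose_key(emsk: bytes, purpose: str, length: int = MIN_KEY_LEN) -> bytes:
    """Hypothetical EMSK-based derivation: HMAC-SHA-256 in counter mode, keyed by
    the EMSK and labelled with an ASCII purpose string.  Illustrative only; the
    draft discussed in the thread does not define this function."""
    if len(emsk) < MIN_KEY_LEN:
        raise ValueError(f"EMSK must be at least {MIN_KEY_LEN} octets, got {len(emsk)}")
    if not purpose:
        raise ValueError("purpose label must not be empty")
    out = b""
    counter = 1
    while len(out) < length:
        # Label and counter are separated from each other so distinct purposes
        # never produce the same HMAC input.
        data = purpose.encode("ascii") + b"\x00" + counter.to_bytes(2, "big")
        out += hmac.new(emsk, data, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def neighbor_ap_keys(emsk: bytes, ap_ids: list[str]) -> dict[str, bytes]:
    """One EMSK-derived key per neighboring access point (fast-handoff case).
    The per-AP label is a constructed convention for this example."""
    return {ap: derive_purpose_key(emsk, f"fast-handoff/{ap}") for ap in ap_ids}


if __name__ == "__main__":
    # Constructed sample keying material, not output of any real EAP method.
    msk = bytes(range(64))
    emsk = bytes(range(64, 128))
    print("AAA-Key:", aaa_key_from_msk(msk).hex())
    for ap, key in neighbor_ap_keys(emsk, ["ap-1", "ap-2"]).items():
        print(ap, key.hex())
```

Because `derive_purpose_key` is keyed only by the EMSK, an authenticator holding the AAA-Key (the MSK prefix) cannot compute the neighbor keys, which is the computational independence the reply asks for; the labels also keep keys for different purposes and different access points distinct from one another.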

