Pseudo-WG last call on draft-walker-ieee802-req-00.txt
From: Tschofenig Hannes (hannes.tschofenig [at] siemens.com)
Date: Fri, 12 Mar 2004 03:04:07 -0500 (EST)
Issue TBD: User identity confidentiality
Submitter name: Hannes Tschofenig       
Submitter email address: Hannes.Tschofenig [at] siemens.com
Date first submitted: 10/3/2004
Reference:
http://mail.frascone.com/pipermail/public/eap/2004-March/002361.html
Document: draft-walker-ieee802-req-00 
Comment type: 'T'
Priority: '1' Should fix 
Section: 2.3 and 2.4
Rationale/Explanation of issue:

Section 2.4 lists the requirement for user identity confidentiality as a MAY
requirement:

"
[10] End-user identity hiding.  This corresponds to the
     "Confidentiality" security claim defined in [RFC2284bis], Section
     7.2.1.
"

User identity confidentiality gains more importance in the presence of WLAN
hotspots and also due to the transmission of location information.

Additionally, the requirement does not differentiate between active and
passive user identity confidentiality. Solid active user identity
confidentiality requires a public-key based mechanism and cannot be a MUST or
SHOULD requirement. Passive user identity confidentiality can, however, be
accomplished with authentication and key exchange protocols based on symmetric
keys. For the wireless environment, passive user identity confidentiality
should be of higher priority.

Requested change:

Add a requirement to section 2.3 (SHOULD requirement section):

"
Passive user identity confidentiality for the EAP peer:  This corresponds to
     the "Confidentiality" security claim defined in [RFC2284bis], Section
     7.2.1. Passive user identity confidentiality provides protection
     against an eavesdropper at the wireless link or in the AAA infrastructure.
     It does not protect against an active adversary.
"

Modify existing requirement in section 2.4 (MAY requirement section):

"
Active user identity confidentiality for the EAP peer:  This corresponds to
     the "Confidentiality" security claim defined in [RFC2284bis], Section
     7.2.1. Active user identity confidentiality prevents disclosure of the
     identity of the EAP peer even against an active adversary.
"
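The distinction this message draws between passive and active user identity confidentiality can be made concrete with a small simulation. The following Python model is an added example and is not part of the original message, the draft, or any EAP method: it assumes a toy pseudonym scheme in which the AAA server hands the peer a fresh single-use pseudonym encrypted under a symmetric key shared with the peer, so that only the bootstrap run carries the permanent identity on the air. The identity strings, key, message layout and the HMAC-based toy stream cipher are all constructed for illustration. The model also shows the limit stated above: a party answering in the server's role that does not recognise the pseudonym (after state loss, or an impersonating authenticator) can fall back to asking for the permanent identity, which an eavesdropper-only adversary never sees.

```python
"""Toy model of symmetric-key pseudonym identity hiding (constructed example).

Shows why such a scheme gives passive but not active user identity
confidentiality. Names, messages and the cipher are assumptions for
illustration, not any real EAP method's encoding.
"""
import hashlib
import hmac
import secrets

# Constructed sample peer: permanent identity and key shared with the AAA server.
PERMANENT_ID = "alice@example.net"
SHARED_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with HMAC-SHA256(key, nonce || counter).
    Demonstration only; a real protocol would use an AEAD construction."""
    out = bytearray()
    for block in range((len(data) + 31) // 32):
        ks = hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        chunk = data[block * 32:(block + 1) * 32]
        out.extend(b ^ k for b, k in zip(chunk, ks))
    return bytes(out)


class Server:
    """AAA server holding shared keys and the pseudonym -> identity mapping."""

    def __init__(self, keys: dict):
        self.keys = keys          # permanent identity -> shared key
        self.pseudonyms = {}      # single-use pseudonym -> permanent identity

    def handle_identity(self, identity: str) -> dict:
        """Process an Identity-Response and return the next server message."""
        if identity in self.pseudonyms:
            perm = self.pseudonyms.pop(identity)   # pseudonym is consumed
        elif identity in self.keys:
            perm = identity                        # bootstrap: permanent id
        else:
            # Unknown pseudonym: the only recourse is to ask for the permanent
            # identity. This fallback is what an active adversary exploits.
            return {"type": "permanent-identity-request"}
        new_pseudonym = secrets.token_hex(16)      # random, unlinkable to perm
        self.pseudonyms[new_pseudonym] = perm
        nonce = secrets.token_bytes(16)
        return {"type": "success", "nonce": nonce,
                "enc_pseudonym": keystream_xor(self.keys[perm], nonce,
                                               new_pseudonym.encode())}


class Peer:
    """EAP peer that prefers its current pseudonym over its permanent identity."""

    def __init__(self, perm_id: str, key: bytes):
        self.perm_id, self.key, self.pseudonym = perm_id, key, None

    def identity_response(self) -> str:
        return self.pseudonym if self.pseudonym else self.perm_id

    def install_pseudonym(self, msg: dict) -> None:
        self.pseudonym = keystream_xor(self.key, msg["nonce"],
                                       msg["enc_pseudonym"]).decode()


def run_exchange(peer: Peer, server: Server, transcript: list) -> None:
    """One run; every identity string sent over the air goes into transcript."""
    ident = peer.identity_response()
    transcript.append(ident)
    reply = server.handle_identity(ident)
    if reply["type"] == "permanent-identity-request":
        transcript.append(peer.perm_id)            # answered in the clear
        reply = server.handle_identity(peer.perm_id)
    if reply["type"] == "success":
        peer.install_pseudonym(reply)


def passive_vs_active() -> tuple:
    """Return (eavesdropper transcript, transcript with an unknowing server)."""
    server = Server({PERMANENT_ID: SHARED_KEY})
    peer = Peer(PERMANENT_ID, SHARED_KEY)
    passive = []
    for _ in range(4):                 # run 1 bootstraps, runs 2-4 use pseudonyms
        run_exchange(peer, server, passive)
    active = []
    unknowing = Server({})             # no state: cannot resolve the pseudonym
    run_exchange(peer, unknowing, active)
    return passive, active


if __name__ == "__main__":
    passive, active = passive_vs_active()
    print("passive transcript:", passive)
    print("active transcript: ", active)
```

Running the block shows the permanent identity only once in the passive transcript (the bootstrap run) and three distinct pseudonyms afterwards, whereas the run against a server that cannot resolve the pseudonym ends with the permanent identity sent in the clear. Real methods that use this pattern also need to bound how often a peer will answer a permanent-identity request, which is exactly the point that keeps the property passive rather than active.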
