Re: Issue on eap-keying: PMK naming

From: Florent Bersani (florent.bersani
Date: Tue, 5 Oct 2004 02:51:56 -0400 (EDT)

Jari Arkko wrote:
Florent Bersani wrote:
Description of issue: possible confusion between PMK naming and PMKID
Submitter name: Florent Bersani
Submitter email address: florent.bersani [at] francetelecom.com
Date first submitted: 10/04/2004
Document: Keying Framework
Comment type: 'E'ditorial
Priority: '1' Should fix
Section: 2.4 and 3.4.1
Rationale/Explanation of issue:
I find the following confusing. In section 2.4, I read
"PMK Name
The PMK has no name of its own, and is only identified by the AAA- Key from which it is derived."
but in Section 3.4.1, I find "PMKID (security association identifier)"... so it seems to me that the PMK has no name but has an identifier (defined in clause 8.5.1.2 of IEEE 802.11i IIRC). I guess it could be worth clarifying this subtlety, wouldn't it?
Requested change
Would our 802.11i experts approve the following: "PMK Name
The PMK may be named by its identifier PMKID defined in clause 8.5.1.2 of [IEEE80211i]."
I agree that the current text is confusing. On the other hand, there's a distinction between what the keying framework documents and what additional things may be done by link layers.
OK but my understanding is that the PMK is bound to a specific link layer, namely IEEE 802.11i
(see e.g. section 2.1: "Pairwise Master Key (PMK)
The AAA-Key is divided into two halves, the "Peer to Authenticator
Encryption Key" (Enc-RECV-Key) and "Authenticator to Peer
Encryption Key" (Enc-SEND-Key) (reception is defined from the point
of view of the authenticator). Within [IEEE80211i] Octets 0-31 of
the AAA-Key (Enc-RECV-Key) are known as the Pairwise Master Key
(PMK). In [IEEE80211i] the TKIP and AES CCMP ciphersuites derive
their Transient Session Keys (TSKs) solely from the PMK, whereas
the WEP ciphersuite as noted in [RFC3580], derives its TSKs from
both halves of the AAA-Key.")
Here's a slightly modified text suggestion:
PMK Name
This document does not specify any naming scheme for the PMK. The PMK is only identified by the AAA-Key from which it is derived.
Note: IEEE 802.11i names the PMKID for the purposes of being able to refer to it in the Secure Association protocol; this naming is based on a hash of the PMK itself as well as some other parameters (see Section 8.5.1.2 [ref]).
I guess I understand that the "names" that eap-keying defines are the ones to be included in the document, hence, since it is 802.11i which defines the PMK "name", this name does not have its place in the document.
Perhaps something like what's written about the TEKs, i.e., "the PMK naming is specified in IEEE 802.11i" would do just fine, but the text Jari proposes is OK for me, although I am not sure what "naming the PMKID" means. Wouldn't "IEEE 802.11i names the PMK thanks to a PMKID..." be better?
--Jari
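
Added example, not part of the original message or of the draft: a Python sketch of the two relationships the thread discusses, the PMK as octets 0-31 of the AAA-Key and the IEEE 802.11i PMKID as HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA). The function names, the 64-octet AAA-Key length check and the MAC addresses and key bytes are assumptions constructed for illustration.

```python
import hashlib
import hmac


def pmk_from_aaa_key(aaa_key: bytes) -> bytes:
    """Return octets 0-31 of the AAA-Key (Enc-RECV-Key), used as the PMK."""
    # Assumption: the AAA-Key is 64 octets, i.e. two 32-octet halves.
    if len(aaa_key) != 64:
        raise ValueError("expected a 64-octet AAA-Key")
    return aaa_key[:32]


def parse_mac(mac: str) -> bytes:
    """Convert 'aa:bb:cc:dd:ee:ff' (or '-' separated) to 6 raw octets."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be 6 octets: %r" % mac)
    return raw


def pmkid(pmk: bytes, aa: str, spa: str) -> bytes:
    """PMKID = first 128 bits of HMAC-SHA1(PMK, "PMK Name" || AA || SPA)."""
    if len(pmk) != 32:
        raise ValueError("PMK must be 32 octets")
    data = b"PMK Name" + parse_mac(aa) + parse_mac(spa)
    return hmac.new(pmk, data, hashlib.sha1).digest()[:16]


def pmkid_matches(pmk: bytes, aa: str, spa: str, received: bytes) -> bool:
    """Check a received PMKID against a cached PMK in constant time."""
    return hmac.compare_digest(pmkid(pmk, aa, spa), received)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real exchange.
    aaa_key = bytes(range(64))
    supplicant = "02:00:00:00:00:aa"
    pmk = pmk_from_aaa_key(aaa_key)
    for authenticator in ("02:00:00:00:00:01", "02:00:00:00:00:02"):
        # Same PMK, different authenticator address: a different PMKID.
        print(authenticator, pmkid(pmk, authenticator, supplicant).hex())
```

The PMKID is therefore an identifier for one PMK as used between one authenticator and one supplicant, which is why it is defined by the link layer and not by the AAA-Key alone.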