| Re: Issue on eap-keying: naming of AMSks | <– Date –> <– Thread –> |
From: Jari Arkko (jari.arkko piuha.net)
|
|
| Date: Tue, 5 Oct 2004 07:54:46 -0400 (EDT) | |
First, I agree with Florent's suggested change.
--Jari
But the issue you bring up Joe seems indeed a separate one, or maybe even multiple ones:
o We can require support of a specific naming scheme in EAP, but does this imply that the keys can only be referred to these names in other protocols, or are those protocols free to choose what they want? Other candidate naming schemes the protocols could used include a hash of the EAP defined name, a hash of the key itself, time of day when the key was created, and user's shoe size.
Tentative suggestion: It seems sufficient that EAP provides keys and key names with the specified format and that applications can use this information or some other identifiers as best suits that particular application.
o String concatenation names vs. hash results. Should we have short or long names, or possibly both? (Didn't we discuss this at one time? Or was it about the use of the keys themselves as a basis for the names?)
Tentative suggestion 1: We could require the support and delivery of the specified long names from EAP point of view, but allow application protocols to perform a hash to shorten the name, if appropriate.
Tentative suggestion 2: Specify that names are hashes of the currently defined strings. It seems that the issue of deciding which hash function to use is not a problem, because we have already chosen a particular function for the AMSK generation.
--Jari
It seems that the definition of the AMSK name may be up to the application that is using the key. I suppose it is fine to define a name, but I'm not sure it is good to expect application to use that name. This brings up another topic. I think in many cases a fixed length name may be more useful (perhaps this is an ID, who knows). The current naming schemes can lead to long variable length names. I would rather (or also) like to see schemes that result in a fixed length name (or ID).
eap-admin [at] frascone.com wrote:
Description of issue: should AMSK naming be mandatory?
Submitter name: Florent Bersani
Submitter email address: florent.bersani [at] francetelecom.com
Date first submitted: 10/04/2004
Document: Keying Framework
Comment type: 'E'ditorial
Priority: 1 should fix
Section: 2.4
Rationale/Explanation of issue:
section 2.4 reads: "AMSK Name
AMSKs, if any, may be named by the concatenation of the string
"AMSK", key label, application data (see Appendix F), and EMSK
Name."
However, I think it is sound practice to name keys. Since AMSK are new, we shouldn't be bothered with legacy reasons. Hence, why not make this AMSK naming "mandatory"
Requested change
Replace the previous text by "AMSK Name
AMSKs, if any, are named by concatenating the string
"AMSK", key label, application data (see Appendix F), and EMSK
Name."
-
Issue on eap-keying: naming of AMSks Florent Bersani, October 4 2004
- Re: Issue on eap-keying: naming of AMSks Jari Arkko, October 4 2004
-
RE: Issue on eap-keying: naming of AMSks Joseph Salowey, October 4 2004
- Re: Issue on eap-keying: naming of AMSks Jari Arkko, October 5 2004
- Re: Issue on eap-keying: naming of AMSks Florent Bersani, October 5 2004
- Re: Issue on eap-keying: naming of AMSks Jari Arkko, October 5 2004
- RE: Issue on eap-keying: naming of AMSks Joseph Salowey, October 5 2004
- Re: Issue on eap-keying: naming of AMSks Florent Bersani, October 6 2004
Results generated by Tiger Technologies using MHonArc.