RE: Re: EAP-Keying Draft Issues

From: Pasi.Eronen
Date: Tue, 12 Oct 2004 12:18:57 -0400 (EDT)
Bernard Aboba wrote:
> Early on in the keying design team, an analysis of the
> difference between EAP keying and traditional 3-way key
> derivation schemes such as Kerberos was presented. If it
> would help improve clarity, the details of this analysis
> could be presented. The analysis did identify a number of
> issues which were included in the draft, but perhaps the
> connection is not clear.
>
> > We can pick up and use (e.g., Needham-Schroeder, Otway-Rees,
> > Bellare-Rogaway) if only we want to.
>
> As I recall, the analysis of the differences between EAP and
> Needham-Schroeder showed that the main deficit was in the
> binding area. This motivated the section on Channel bindings.
>
> Pasi -- Can you provide details here?

I think you're referring to this email:
http://mail.frascone.com/pipermail/eap/2003-August/001596.html

Reading what I wrote over a year ago, there are some things I'd perhaps phrase differently today, but the basic source of complexity (and difference from traditional 3-way stuff) is still valid: the entities involved do not have a single identifier, but several. The AAA server can authenticate the NAI of the user, but the AP is more interested in the MAC address. And when using RADIUS or Diameter, the AAA server might authenticate an FQDN or IP address of the AP, but the client is not interested in those. There is always BSSID, but the AAA server cannot produce an attestation about that (for the client) unless it knows that it's sending the PMK to the entity identified by that BSSID (i.e., the key wrapping key is only known by that BSSID).

We've of course been through this many times before, and I think every time the conclusion has been roughly that "this isn't a problem worth solving"... since it e.g. requires configuring BSSIDs in the AAA server, or alternatively putting BSSIDs into certificates (since the attestation should be about _authenticated_ identities, not claimed identities).

(And yet another story is that having an attestation about SSID is probably more useful to the client than BSSID.)

Best regards
Pasi
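The channel-binding point made in the message above, as an added toy model that is not part of the original post or of the EAP keying draft: the AAA server mixes only identifiers it has actually authenticated (the user's NAI, the AP's BSSID, the SSID) into the PMK it hands to the AP, while the client mixes the identifiers it observes over the air; the two keys agree, and the handshake's integrity check passes, only when the AP's authenticated identity matches what the client sees. The function names, the HMAC-based derivation and all sample values are assumptions made for this illustration.

```python
import hashlib
import hmac


def derive_bound_pmk(msk: bytes, binding: dict) -> bytes:
    """Derive a PMK bound to a set of identifiers.

    Constructed model: the binding info is canonicalised (sorted key=value
    pairs) and mixed into an HMAC keyed with the EAP MSK, so two parties
    obtain the same PMK only if they agree on every bound identifier.
    """
    label = b"|".join(f"{k}={binding[k]}".encode() for k in sorted(binding))
    return hmac.new(msk, b"bound-pmk|" + label, hashlib.sha256).digest()


def aaa_server_pmk(msk: bytes, nai: str, authenticated_bssid: str, ssid: str) -> bytes:
    # The AAA server attests only identities it authenticated itself
    # (e.g. a BSSID carried in the AP's certificate), never ones merely
    # claimed in a RADIUS/Diameter request.
    return derive_bound_pmk(msk, {"nai": nai, "bssid": authenticated_bssid, "ssid": ssid})


def client_pmk(msk: bytes, nai: str, observed_bssid: str, observed_ssid: str) -> bytes:
    # The client binds to what it can see: the BSSID and SSID of the AP it
    # is actually talking to.
    return derive_bound_pmk(msk, {"nai": nai, "bssid": observed_bssid, "ssid": observed_ssid})


def handshake_mic_matches(pmk_ap: bytes, pmk_client: bytes, nonce: bytes) -> bool:
    # Simplified proof of possession: both sides MIC the same nonce with
    # their PMK; constant-time comparison stands in for the real exchange.
    mic_ap = hmac.new(pmk_ap, nonce, hashlib.sha256).digest()
    mic_client = hmac.new(pmk_client, nonce, hashlib.sha256).digest()
    return hmac.compare_digest(mic_ap, mic_client)


def session_succeeds(observed_bssid: str, observed_ssid: str,
                     authenticated_bssid: str, ssid: str) -> bool:
    """True only when the client's view of the AP matches what the AAA
    server authenticated; a mismatch yields different PMKs and a failed MIC."""
    msk = b"\x11" * 64                 # constructed stand-in for the EAP MSK
    nai = "alice@example.net"          # constructed sample NAI
    pmk_ap = aaa_server_pmk(msk, nai, authenticated_bssid, ssid)
    pmk_client = client_pmk(msk, nai, observed_bssid, observed_ssid)
    return handshake_mic_matches(pmk_ap, pmk_client, b"constructed-nonce")


if __name__ == "__main__":
    print(session_succeeds("00:11:22:33:44:55", "corp", "00:11:22:33:44:55", "corp"))
    print(session_succeeds("66:77:88:99:aa:bb", "corp", "00:11:22:33:44:55", "corp"))
```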