Re: EAP-AKA review
From: Jari Arkko (jari.arkkopiuha.net)
Date: Fri, 22 Oct 2004 09:30:50 -0400 (EDT)

Hi Yoshihiro,

Returning back to the one remaining open issue in the AKA
review...

    1e. Description of key hierarchy. Is the key hierarchy
        documented?

Yes.
        [Optional, at least for now: does it conform to EAP
        keying framework?]

I guess this indeed needs to be optional until the keying document is finalized. So perhaps the discussion is moot, but anyway:

The two TEKs defined in EAP-AKA, namely K_aut and K_encr, do not seem
to comply with the EAP keying framework.  (In the EAP keying
framework, it is not allowed to use TEKs across an EAP conversation
while in EAP-AKA the TEKs are used in full authentication and
subsequent fast re-authentications.)

I posted an issue for the keying document related to this. Basically, after some analysis, it seems that the division between "TEKs" and "other keying material" in the keying document is somewhat artificial. I also provided some suggested text to correct this. What's your opinion on this? And if you agree, is there something else in EAP-AKA that needs to be changed because of this?

Note: I also suggested some text in EAP keying about the relationship of fast reconnect and guarantees about the continued possession of the original long-term keys. We could add some discussion to the AKA document about this too, but personally it feels sufficient if the keying document talks about it, as it is general for all EAP methods having a fast reconnect scheme.

--Jari
