Subject: Re: Re: Issue 262: MSK Naming

From: Jari Arkko (jari.arkko

Date: Tue, 26 Oct 2004 09:49:50 -0400 (EDT)
Here's my text proposal. Note that this is orthogonal to other discussion items that we also may have to deal with, such as whether the names should be of fixed size. If they need to be, a computation with the below data as input may be the way to go.
In 2.4, change:
This key is created between the EAP peer and EAP server, and is
uniquely named by the concatenation of the string "MSK", EAP
Method Type, EAP peer name, EAP server name, EAP peer nonce, and
the EAP server nonce. Here the EAP peer name and EAP server name
are the identifiers securely exchanged within the EAP method.
Since multiple MSKs may exist between an EAP peer and EAP server,
the EAP peer nonce and EAP server nonce allow MSKs to be
differentiated; at least one of these nonces is necessary. The
inclusion of the Method Type in the name ensures that each EAP
method has a distinct name space.

=>
This key is created between the EAP peer and EAP server, and is
uniquely named by the concatenation of the string "MSK", EAP
Method Type, EAP peer name, EAP server name, and unique material
defined by the method. The EAP peer name is included only if
it is securely exchanged within the method. Otherwise a null
string is used as the EAP peer name. The same rule applies to
the EAP server name. The definition of "unique material" is
left to method specifications (appendix X defines this material
for methods that have been published prior to this specification),
but typically consists of nonces or sequence numbers exchanged
within the method. Since multiple MSKs may exist between an EAP
peer and EAP server, the unique material allows MSKs to be
differentiated; it also provides uniqueness for methods that
do not exchange peer/server names. The inclusion of the
Method Type in the name ensures that each EAP method has a
distinct name space.

and
The EMSK is named similarly to the above. Its name is the
concatenation of the string "EMSK", the EAP Method Type, EAP peer
name, EAP server name, EAP peer nonce, and the EAP server nonce.

=>
The EMSK is named similarly to the above. Its name is the
concatenation of the string "EMSK", the EAP Method Type,
EAP peer name (if securely exchanged), EAP server name
(also only if securely exchanged), and unique material
defined by the method.

Also, add Appendix X:
Appendix X. Key naming in methods published prior to naming requirements
This appendix provides an informative specification of key
names in methods that have been published prior to the publication
of this RFC. What is needed in addition to the rules in Section
2.4 is the definition of what EAP peer and server names are used,
what method-specific unique material is used, and how these are
encoded.

EAP-TLS
... (maybe you Bernard can fill this?) ...
EAP-AKA
The EAP peer name is the contents of the Identity field from
the AT_IDENTITY attribute, using only the Actual Identity Length
octets from the beginning, however. Note that the contents are
used as they are transmitted, regardless of whether the transmitted
identity was a permanent, pseudonym, or fast reauthentication
identity.

The EAP server name is an empty string.
The unique material is the contents of the RAND field from the
AT_RAND attribute, followed by the contents of the AUTN field
in the AT_AUTN attribute.

EAP-SIM
The EAP peer name is the contents of the Identity field from
the AT_IDENTITY attribute, using only the Actual Identity Length
octets from the beginning, however. Note that the contents are
used as they are transmitted, regardless of whether the transmitted
identity was a permanent, pseudonym, or fast reauthentication
identity.

The EAP server name is an empty string.
The unique material is the contents of the RAND field from the
AT_RAND attribute, followed by the contents of the NONCE_MT field
in the AT_NONCE_MT attribute.

... others are free to submit additional items here ...
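As an added illustration (not part of the mail above, and not code from any EAP implementation), the following Python builds MSK/EMSK names following the proposed rule and the Appendix X definitions for EAP-AKA and EAP-SIM, and shows the hash-based fixed-size variant the mail hints at. The AT_IDENTITY layout, the length-prefixed encoding of each component (the proposal leaves encoding to the method) and SHA-256 for the fixed-size name are assumptions; the sample identity, RAND and AUTN values are constructed.

```python
import hashlib
import struct

# Assumptions, not from the mail: AT_IDENTITY is laid out as Type(1) |
# Length in 4-octet units(1) | Actual Identity Length(2) | identity padded
# to a 4-octet boundary. Method Type values are the IANA EAP type numbers.
AT_IDENTITY = 14
EAP_TYPE_SIM = 18   # EAP Method Type of EAP-SIM
EAP_TYPE_AKA = 23   # EAP Method Type of EAP-AKA

def parse_at_identity(attr: bytes) -> bytes:
    """Return only the Actual Identity Length octets, dropping the padding."""
    if len(attr) < 4 or attr[0] != AT_IDENTITY:
        raise ValueError("not an AT_IDENTITY attribute")
    total_len = attr[1] * 4
    actual_len = struct.unpack("!H", attr[2:4])[0]
    if total_len != len(attr) or 4 + actual_len > total_len:
        raise ValueError("inconsistent AT_IDENTITY lengths")
    return attr[4:4 + actual_len]

def key_name(label: str, method_type: int, peer_name: bytes,
             server_name: bytes, unique_material: bytes) -> bytes:
    """Concatenate the proposal's components. Each one is length-prefixed
    (an assumption) so the name stays unambiguous when the peer name or
    server name is the null string."""
    parts = [label.encode(), bytes([method_type]),
             peer_name, server_name, unique_material]
    return b"".join(struct.pack("!H", len(p)) + p for p in parts)

def eap_aka_name(label: str, at_identity: bytes, rand: bytes, autn: bytes) -> bytes:
    # Appendix X: peer name from AT_IDENTITY, server name empty, material RAND||AUTN.
    return key_name(label, EAP_TYPE_AKA, parse_at_identity(at_identity), b"", rand + autn)

def eap_sim_name(label: str, at_identity: bytes, rand: bytes, nonce_mt: bytes) -> bytes:
    # Appendix X: peer name from AT_IDENTITY, server name empty, material RAND||NONCE_MT.
    return key_name(label, EAP_TYPE_SIM, parse_at_identity(at_identity), b"", rand + nonce_mt)

def fixed_size_name(name: bytes) -> str:
    """Fixed-size variant: a hash of the variable-length name (SHA-256 assumed)."""
    return hashlib.sha256(name).hexdigest()

# Constructed sample input: a 22-octet identity padded with two zero octets.
IDENTITY = b"0123456789@example.net"
SAMPLE_AT_IDENTITY = (bytes([AT_IDENTITY, 7]) + struct.pack("!H", len(IDENTITY))
                      + IDENTITY + b"\x00\x00")
SAMPLE_RAND = bytes(range(16))
SAMPLE_AUTN = bytes(range(16, 32))
```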