eap Mailing List: RE: RFC 3748 Review of EAP SIM

[henry.haverinen (henry.haverinen]

> > The draft spells out the consequences of sharing, as they 
> are at the time
> > of writing. As Jari already commented, new improvements are 
> being speficied
> > at 3GPP.
> 
> OK.  You might reference those developments.

The developments are described in several standardization submissions
which are not complete proposals but meeting documents, so it
is not easy to find good references. Maybe we could simply describe the
current status as follows:

At the time of writing this document, the 3rd Generation Partnership Project 
(3GPP) has started to work on fixes to these A5 vulnerabilities. One of the 
solution proposals discussed in 3GPP is integrity protected A5 version 
negotiation, which would require the base station to prove knowledge of the Kc 
key 
before the terminal sends any values calculated from the Kc to the network. 
Another proposal is so-called special RANDs, where some bits of the RAND 
challenge 
would be used for cryptographic separation by indicating the allowed use of the 
triplet, such as the allowed A5 algorithm in GSM or the fact that the triplet 
is 
intended for EAP-SIM. This is currently work in progress, and the mechanisms 
have not 
been selected yet.

> That's fine.  You might include a reference to the PEAP
> specification that included the vulnerability (-02 I believe).

OK, and I guess it would be appropriate to mention that later versions
do not have this vulnerability.

I have now made new revisions of the drafts with the changes that 
we have agreed on. I believe all issues identified in the reviews
have been corrected.

Henry