RE: FW: [eap] Re: EAP key binding discussion
From: Nakhjiri Madjid-MNAKHJI1 (Madjid.Nakhjiri [at] motorola.com)
Date: Thu, 28 Apr 2005 12:52:22 -0400 (EDT)
Hi Bernard,

-----Original Message-----
From: Bernard Aboba [mailto:aboba [at] internaut.com] 
Sent: Wednesday, April 27, 2005 11:50 PM
To: Nakhjiri Madjid-MNAKHJI1
Cc: eap [at] frascone.com
Subject: Re: FW: [eap] Re: EAP key binding discussion

> Sorry for the late response to this. I have written something up. It is
> more a problem statement than a solution proposal. Basically because I
> was not sure whether sending the AAA key to some place other than an
> authenticator is against EAP key management principles.

The Housley Criteria are described in RFC 4017 as well as the EAP Key
Management framework.

In particular, I would pay attention to the "Confidentiality" condition
(which prohibits disclosure of keys to parties outside the peer, server
and authenticator), 

Madjid>> What about disclosure of the keys between the authenticators??
I think EAP and its key management framework have not positioned themselves well 
with respect to handovers, and that is why the door for interpretations is being 
opened over and over.

the "mutual authentication" condition which requires
mutual authentication between all parties, 

Madjid>> "all parties"? Where is the mutual authentication between the NAS and 
AAA server enforced? RADIUS shared secret (SS)? If that is the case then you 
can have 

                            SS1
                LKDC------------------AAA server
                  |                       |
       long term  |                       | SS2
        secret    |                       |
                 peer-------------------NAS

and the "domino effect"
condition which prevents compromise of one party from affecting other
parties.

Madjid>> Sending the AAA key to each authenticator and having it reused by other 
authenticators as part of secure association generation with the peer causes the 
"domino effect", no?

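The domino-effect question raised at the end of the message above, worked through as an added example that is not part of the thread and not code from either correspondent or from any EAP specification. Scheme A hands every authenticator a verbatim copy of the AAA key, as the message describes; Scheme B is an assumed remedy for contrast, deriving a per-authenticator key bound to the (peer, NAS) pair with HMAC-SHA256 used as a KDF. The peer and NAS identities, the KDF label, the message layout of the "proof" and the names of all functions are constructed for this example. The check is whether the key material stolen from NAS_1 lets an attacker pass as NAS_2 toward the peer:

```python
import hashlib
import hmac
import os

# Constructed identities for the example; nothing here comes from the thread.
PEER_ID = b"peer@example.org"
NAS_1 = b"nas-1.example.org"
NAS_2 = b"nas-2.example.org"
LABEL = b"per-authenticator key"   # assumed KDF label, not taken from any RFC


def distribute_raw_key(aaa_key: bytes, nas_ids) -> dict:
    """Scheme A (the one questioned in the thread): every authenticator
    receives a verbatim copy of the AAA key."""
    return {nas: aaa_key for nas in nas_ids}


def derive_nas_key(aaa_key: bytes, peer_id: bytes, nas_id: bytes) -> bytes:
    """Scheme B (assumed remedy): a key bound to the (peer, authenticator)
    pair, derived with HMAC-SHA256 used as a KDF. Only a holder of the AAA
    key (server and peer) can run this; an authenticator cannot."""
    info = LABEL + b"\x00" + peer_id + b"\x00" + nas_id
    return hmac.new(aaa_key, info, hashlib.sha256).digest()


def distribute_bound_keys(aaa_key: bytes, peer_id: bytes, nas_ids) -> dict:
    """Server side of Scheme B: each NAS gets only its own derived key."""
    return {nas: derive_nas_key(aaa_key, peer_id, nas) for nas in nas_ids}


def sa_proof(key: bytes, nas_id: bytes, nonce: bytes) -> bytes:
    """Toy secure-association step: the authenticator proves possession of
    its key by MACing its own identity and a fresh nonce from the peer."""
    return hmac.new(key, nas_id + b"\x00" + nonce, hashlib.sha256).digest()


def peer_accepts(aaa_key: bytes, peer_id: bytes, claimed_nas: bytes,
                 nonce: bytes, proof: bytes, bound: bool) -> bool:
    """The peer recomputes the proof with the key it expects `claimed_nas`
    to hold and compares in constant time."""
    expected_key = derive_nas_key(aaa_key, peer_id, claimed_nas) if bound else aaa_key
    return hmac.compare_digest(sa_proof(expected_key, claimed_nas, nonce), proof)


def domino_succeeds(bound: bool) -> bool:
    """Compromise NAS_1, then try to pass as NAS_2 toward the peer using only
    the key material NAS_1 held. True means the compromise spread."""
    aaa_key = os.urandom(32)                      # fresh AAA key per run
    if bound:
        keys = distribute_bound_keys(aaa_key, PEER_ID, [NAS_1, NAS_2])
    else:
        keys = distribute_raw_key(aaa_key, [NAS_1, NAS_2])
    stolen = keys[NAS_1]                          # attacker's haul from NAS_1
    nonce = os.urandom(16)                        # peer's challenge to "NAS_2"
    forged = sa_proof(stolen, NAS_2, nonce)       # attacker answers as NAS_2
    return peer_accepts(aaa_key, PEER_ID, NAS_2, nonce, forged, bound)


if __name__ == "__main__":
    print("raw AAA key at every NAS, NAS_1 compromised -> pass as NAS_2:",
          domino_succeeds(bound=False))
    print("per-NAS bound keys, NAS_1 compromised -> pass as NAS_2:",
          domino_succeeds(bound=True))
```

Under Scheme A the forged proof verifies, because the peer's "expected key" for NAS_2 is the same AAA key NAS_1 held. Under Scheme B it does not: NAS_1 holds only its own derived key, and computing NAS_2's key requires the AAA key, which never left the peer and the server. This is the sense in which binding the distributed key to the authenticator's identity keeps one compromised authenticator from affecting the others.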