Re: FW: [eap] Re: EAP key binding discussion
From: Jari Arkko (jari.arkkopiuha.net)
Date: Fri, 29 Apr 2005 09:01:39 -0400 (EDT)
Hi Madjid

Madjid>>what about disclosure of the keys between the authenticators??
I think EAP and its key management framework have not positioned themselves well with respect to handovers, and that is why the door for interpretations is being opened over and over.


It is true that the key management framework does not do a good
enough job for handovers. We have the security requirements for
overall operation which also need to be followed here, but
specific formulas etc. on the handovers are not baked yet. Part
of the reason for this is that we are lacking a specific fast handover
architecture, given that there are so many proposals. That's why
we have also split the document, so that we can get the "existing
stuff" (e.g. 802.11) document out as soon as possible, and have
more time to complete the fancier handover key scenarios.


Madjid>> "all parties"? Where is the mutual authentication between the NAS and AAA server enforced? RADIUS shared secret (SS)? If that

Yes.

is the case then you can have SS1
LKDC----------AAA server
/ /
long term__/ /SS2
secret / /
peer---- NAS

and the "domino effect"
condition which prevents compromise of one party from affecting other
parties.

Madjid>> Sending the AAA-key to each authenticator and reusing it by other authenticator as part of secure association generation with the peer causes "domino effect", no


Yes, if the AAA-Key is the same for all authenticators.

--Jari

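The "domino effect" point above, as an added illustration that is not part of the thread: a small Python model in which the first authenticator is assumed compromised and we check whether the key it held is also the key another authenticator holds. The HMAC-SHA256 derivation, the identifier strings and the AAA-Key value are all constructed for this example; they are not the EAP keying draft's formulas.

```python
import hmac
import hashlib

# Constructed sample AAA-Key (64 bytes), standing in for what an EAP method exports.
AAA_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 4)


def shared_key_for(aaa_key: bytes, authenticator_id: str, peer_id: str) -> bytes:
    """Scheme discussed in the thread: the same AAA-Key is handed to every
    authenticator, so nothing ties a key to the authenticator that holds it."""
    return aaa_key


def bound_key_for(aaa_key: bytes, authenticator_id: str, peer_id: str) -> bytes:
    """Assumed alternative (hypothetical KDF, not from the draft): each
    authenticator receives HMAC-SHA256(AAA-Key, label || NAS id || peer id),
    a one-way function of its own identity, so keys differ per authenticator."""
    label = b"authenticator-bound-key|" + authenticator_id.encode() + b"|" + peer_id.encode()
    return hmac.new(aaa_key, label, hashlib.sha256).digest()


def domino_effect(key_fn, authenticators, peer_id="peer@example.net") -> bool:
    """Model the compromise of authenticators[0]: it learns its own key.
    Return True if that key equals the key any other authenticator uses,
    i.e. one compromised party affects the others (the domino falls)."""
    keys = {nas: key_fn(AAA_KEY, nas, peer_id) for nas in authenticators}
    leaked = keys[authenticators[0]]
    return any(leaked == keys[nas] for nas in authenticators[1:])


if __name__ == "__main__":
    nases = ["nas-a.example.net", "nas-b.example.net", "nas-c.example.net"]
    print("same AAA-Key everywhere -> domino:", domino_effect(shared_key_for, nases))
    print("per-authenticator bound key -> domino:", domino_effect(bound_key_for, nases))
```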
