Re: FW: [eap] Re: EAP key binding discussion

From: Bernard Aboba
Date: Fri, 29 Apr 2005 14:55:28 -0400 (EDT)
Yes, if the AAA-Key is the same for all authenticators. I think one issue is exactly what the definition of an "authenticator" is.

From the AAA perspective, an authenticator is defined by attributes such as NAS-IP-Address, NAS-IPv6-Address, and NAS-Identifier. One issue is that a NAS may have more than one IP address (e.g. APs can be members of multiple VLANs and will need an IP address on each VLAN). So it seems like NAS-Identifier is perhaps the best identifier to use for the purpose of defining the NAS identity from the point of view of the EAP peer, server and authenticator.

Assuming that the NAS advertises its NAS-Identifier to the peer, securely confirms it in an exchange with the peer (such as in the Secure Association Protocol) and sends this to the server, it is possible for the EAP peer, server and authenticator to confirm that the NAS has accurately represented its identity. The peer and server can confirm that the NAS has told them the same NAS-Identifier via Channel Bindings. If the peer and server confirm the NAS-Identifier value told to them is the same, then the peer can assume that the server has verified that the NAS is not impersonating another NAS. The key framework discusses how this can be done -- it basically requires verification by the first hop proxy.

Note that I believe it is outside the scope of the document to describe what hardware configurations constitute a valid NAS. That is, a large NAS could involve multiple processors, could be a WLAN switch or a stand-alone AP, could come in a plastic box, a metal box or no box at all (wirewrap board in the open air). A single NAS could even be a cluster. Obviously it is a good idea for the NAS to not leak keying material beyond its boundaries. But that leakage can occur via poor circuit design, inadequate shielding, as well as security vulnerabilities within the AP itself. So I think it's out of scope to describe all the precautions that should be taken.
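The NAS-Identifier consistency check described in the message above, modelled as a server-side function; this is an added example, not code from the thread or from any EAP implementation. The known-NAS table, the `NasView` record and `check_channel_binding` are assumptions made for the illustration: the first-hop AAA server is assumed to keep a client table keyed by NAS-Identifier that lists every address the NAS may use, one per VLAN.

```python
from dataclasses import dataclass
from typing import Optional, Tuple, Dict, Set

# Constructed table of NASes known to the first-hop AAA server (assumption:
# keyed by NAS-Identifier, with every address the NAS holds, one per VLAN).
KNOWN_NAS: Dict[str, Set[str]] = {
    "ap-floor3": {"192.0.2.10", "192.0.2.74", "2001:db8::10"},
    "ap-lobby": {"192.0.2.20"},
}


@dataclass(frozen=True)
class NasView:
    """NAS attributes as seen by one party: the peer over the link (and
    relayed to the server inside the EAP method's channel binding), or the
    server from the Access-Request the NAS itself sent."""
    nas_identifier: Optional[str]
    nas_address: Optional[str] = None  # NAS-IP-Address or NAS-IPv6-Address


def check_channel_binding(peer: NasView, aaa: NasView,
                          known: Dict[str, Set[str]] = KNOWN_NAS
                          ) -> Tuple[bool, str]:
    """Return (ok, reason).

    Keys on NAS-Identifier, not on address, so a NAS that spoke to the peer
    on one VLAN and to the server on another still passes, while a NAS that
    advertised another NAS's identifier, or an unregistered address, fails.
    """
    if not peer.nas_identifier or not aaa.nas_identifier:
        return False, "NAS-Identifier absent; key cannot be bound to a NAS"
    if peer.nas_identifier != aaa.nas_identifier:
        return False, (f"NAS-Identifier mismatch: peer saw "
                       f"{peer.nas_identifier!r}, AAA saw {aaa.nas_identifier!r}")
    addresses = known.get(aaa.nas_identifier)
    if addresses is None:
        return False, f"unknown NAS-Identifier {aaa.nas_identifier!r}"
    # Any address either side observed must belong to the claimed NAS.
    for who, view in (("peer", peer), ("AAA", aaa)):
        if view.nas_address is not None and view.nas_address not in addresses:
            return False, (f"{who}-observed address {view.nas_address} is not "
                           f"registered for {aaa.nas_identifier!r}")
    return True, "channel bindings consistent"


if __name__ == "__main__":
    # Same NAS on two VLANs: identifier matches, both addresses registered.
    print(check_channel_binding(NasView("ap-floor3", "192.0.2.10"),
                                NasView("ap-floor3", "192.0.2.74")))
```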