Re: Re: EAP key binding discussion
From: Rafa Marin Lopez (rafadif.um.es)
Date: Wed, 4 May 2005 08:15:37 -0400 (EDT)
Hi Jari.

Thanks for your answer ... please see below

Jari Arkko wrote:

Rafa Marin Lopez wrote:

After reading this, I think it seems similar to PANA when the PAA is not co-located with the EP, for example in the wireless LAN model (http://www.ietf.org/internet-drafts/draft-ietf-pana-framework-03.txt).

In fact, the PaC/EAP peer can derive one PMK per EP/AP controlled by the PAA. The PAA can derive the same keys, which it would send to the different EPs it controls (how to derive per-EP/AP PMKs from the AAA-key that the PAA receives from the AAA server is ongoing work). So the PAA would be like your LKDC. However, the PAA is also acting as the NAS, which is a difference from what you propose.

On the other hand, when an EAP peer moves to another EP/AP controlled by another LKDC, we are moving the problem to allowing a fast handoff between LKDCs. In the case of PANA, this is being addressed in http://www.ietf.org/internet-drafts/draft-bournelle-pana-ctp-02.txt and http://www.ietf.org/internet-drafts/draft-ietf-pana-mobopts-00.txt

Moving the key controller node higher in the hierarchy does help a lot.

Agree
Both in your example above as well as in various L2 concentrator designs.


Regarding the derivation of "PMKs" per EP, isn't that already specified in Section 5 of draft-ietf-pana-ipsec-05.txt -- the keys are different per EP address and session ID.

True. Now what I was wondering is whether the EAP key management framework allows a KDC hierarchy ... any thoughts about this?
Thanks.
--Jari

_______________________________________________
eap mailing list
eap [at] frascone.com
http://mail.frascone.com/mailman/listinfo/eap
--
------------------------------------------------------
Rafael Marin Lopez
Faculty of Computer Science-University of Murcia
30071 Murcia - Spain
Telf: +34968367645    e-mail: rafa [at] dif.um.es
------------------------------------------------------
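The per-EP key hierarchy discussed in the thread (a key controller deriving one PMK per EP from the AAA-Key, bound to the EP address and the session ID, with the peer deriving the same key on its side) as an added illustration. This is example code, not from the thread, PANA or draft-ietf-pana-ipsec: the HMAC-SHA256 counter-mode construction, the label string, the length-prefixed field encoding, the PAA/PaC class names and all sample keys and addresses are assumptions of this example, not the KDF the draft specifies.

```python
import hashlib
import hmac

# Hypothetical label for this example's KDF; not a string from any draft.
KDF_LABEL = b"example per-EP PMK derivation"


def _length_prefixed(field: bytes) -> bytes:
    """Encode a field as a 2-byte big-endian length followed by the bytes."""
    if len(field) > 0xFFFF:
        raise ValueError("field too long")
    return len(field).to_bytes(2, "big") + field


def derive_ep_pmk(aaa_key: bytes, session_id: bytes, ep_address: bytes,
                  length: int = 32) -> bytes:
    """Derive a per-EP PMK from the AAA-Key, bound to the session ID and the
    EP's address. HMAC-SHA256 in counter mode; the fields are length-prefixed
    so that no two (session_id, ep_address) pairs produce the same input."""
    if not 1 <= length <= 255 * hashlib.sha256().digest_size:
        raise ValueError("unsupported output length")
    context = KDF_LABEL + _length_prefixed(session_id) + _length_prefixed(ep_address)
    out = b""
    counter = 1
    while len(out) < length:
        out += hmac.new(aaa_key, context + bytes([counter]), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def derive_ep_pmk_naive(aaa_key: bytes, session_id: bytes, ep_address: bytes) -> bytes:
    """Same idea with plain concatenation and no delimiters. Kept only to show
    why the field encoding above matters: (b"ab", b"c") and (b"a", b"bc")
    collide here, so two different EP/session bindings get the same key."""
    return hmac.new(aaa_key, session_id + ep_address, hashlib.sha256).digest()


class PAA:
    """Key controller: holds the AAA-Key for one PaC session and hands each
    EP only the PMK derived for that EP, never the AAA-Key itself."""
    def __init__(self, aaa_key: bytes, session_id: bytes):
        self._aaa_key = aaa_key
        self.session_id = session_id

    def pmk_for_ep(self, ep_address: bytes) -> bytes:
        return derive_ep_pmk(self._aaa_key, self.session_id, ep_address)


class PaC:
    """Peer side: holds the same AAA-Key from the EAP exchange and derives the
    PMK for whichever EP it is currently attached to."""
    def __init__(self, aaa_key: bytes, session_id: bytes):
        self._aaa_key = aaa_key
        self.session_id = session_id

    def pmk_for_ep(self, ep_address: bytes) -> bytes:
        return derive_ep_pmk(self._aaa_key, self.session_id, ep_address)


def simulate_two_eps():
    """Constructed sample: one session, two EPs. Returns the per-EP PMKs the
    PAA distributes and whether the PaC's own derivation matches each one."""
    aaa_key = bytes(range(64))                            # constructed AAA-Key
    session_id = b"\x00\x00\x00\x2a"                      # constructed session ID
    ep1, ep2 = b"\xc0\xa8\x01\x01", b"\xc0\xa8\x01\x02"   # 192.168.1.1 / .2

    paa = PAA(aaa_key, session_id)
    pac = PaC(aaa_key, session_id)
    pmks = {ep: paa.pmk_for_ep(ep) for ep in (ep1, ep2)}
    matches = {ep: hmac.compare_digest(pmks[ep], pac.pmk_for_ep(ep))
               for ep in (ep1, ep2)}
    return pmks, matches


if __name__ == "__main__":
    pmks, matches = simulate_two_eps()
    for ep, pmk in pmks.items():
        print(ep.hex(), pmk.hex(), "PaC agrees" if matches[ep] else "MISMATCH")
```

The point of the split between `PAA` and the per-EP keys is the one the thread makes about moving the key controller up the hierarchy: an EP receives only its own PMK and cannot compute a sibling EP's key, because that would require the AAA-Key. The naive variant shows the check a practitioner should make on any such binding: without delimiting the fields, different (session ID, EP address) pairs can map to the same key.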

