Re: Key derivation and the principle of equivalence
From: Jari Arkko (jari.arkkopiuha.net)
Date: Thu, 12 May 2005 03:08:41 -0400 (EDT)
I think this looks like a useful simplification of the
document. There may be some smaller things to
think about, however. For instance,

  Within EAP, the primary function of the AAA protocol is to maintain
  the principle of Mode Independence, so that as far as the EAP peer is
  concerned, its conversation with the EAP authenticator, and all
  consequences of that conversation, are identical, regardless of the
  authenticator mode of operation.

This seems true. Interestingly, it even seems true if
one imagines a fast handoff scenario where you start
off from a combined NAS-AAA device and handoff to
another NAS.

But it's also interesting to note what the text above
does not say. I believe peers already can learn the
identities of both the authenticator and the server,
separately, and if channel bindings are provided peers
can also learn of potential discrepancies among the
properties claimed by the different parties. Of course,
such discrepancies can be learned even if all of this
is in the same box.

Secondly, the text does not say anything about
fast handoffs (and this may well be right). But in
fast handoffs the peer would again be aware of changing
identities of the authenticator (even though in this
case you'd not really be running EAP again). And
keys for this would be created slightly differently. But
again, the peer has no real knowledge of whether
he handed off to a new box or just a different part of
the same box.

--Jari
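Two of the points above (that a peer given channel bindings can detect discrepancies between what the authenticator advertised and what the server reports, and that a handoff to a different authenticator identity should not end up with the same key) can be made concrete in a small peer-side check. The code below is an added illustration written for this archive page; it is not code from the thread, from the EAP keying document being discussed, or from any EAP implementation. The attribute names, the sample values, the `bind_key_to_authenticator` routine and its label are all constructed assumptions, chosen only to show the shape of the comparison and of per-authenticator key separation.

```python
import hashlib
import hmac

# Constructed sample data (not from the thread): what the authenticator
# advertised to the peer over the lower layer, and what the EAP server reports
# it saw in the AAA request from that same authenticator.
LOWER_LAYER_CLAIMS = {
    "nas_identifier": "ap-17.example.net",
    "ssid": "corp-wlan",
    "called_station_id": "00-11-22-33-44-55",
}
SERVER_REPORTED_CLAIMS = {
    "nas_identifier": "ap-17.example.net",
    "ssid": "guest-wlan",  # the AAA request claimed a different SSID
    "called_station_id": "00-11-22-33-44-55",
}
BOUND_ATTRIBUTES = ("nas_identifier", "ssid", "called_station_id")


def channel_binding_discrepancies(lower, server, attributes):
    """Compare the two parties' claims attribute by attribute.

    Returns {attribute: (lower_layer_value, server_reported_value)} for every
    attribute the parties disagree on; a value missing on one side is reported
    as None so the caller cannot silently accept an incomplete binding.
    """
    mismatches = {}
    for attr in attributes:
        lower_value = lower.get(attr)
        server_value = server.get(attr)
        if lower_value != server_value:
            mismatches[attr] = (lower_value, server_value)
    return mismatches


def peer_accepts_binding(lower, server, attributes=BOUND_ATTRIBUTES):
    """A peer with channel bindings rejects the session on any discrepancy."""
    return not channel_binding_discrepancies(lower, server, attributes)


def bind_key_to_authenticator(root_key, authenticator_id,
                              label=b"hypothetical-authenticator-binding"):
    """Hypothetical per-authenticator key separation (an assumption, not the
    document's derivation): mix the authenticator identity into the derived key
    with HMAC-SHA256 so that a handoff to a different authenticator identity
    cannot reuse the key established with the previous one."""
    context = label + b"\x00" + authenticator_id.encode("utf-8")
    return hmac.new(root_key, context, hashlib.sha256).digest()


if __name__ == "__main__":
    found = channel_binding_discrepancies(
        LOWER_LAYER_CLAIMS, SERVER_REPORTED_CLAIMS, BOUND_ATTRIBUTES)
    print("discrepancies:", found)
    print("peer accepts:", peer_accepts_binding(
        LOWER_LAYER_CLAIMS, SERVER_REPORTED_CLAIMS))

    root = b"\x01" * 32  # constructed root key for the illustration
    old_ap = bind_key_to_authenticator(root, "ap-17.example.net")
    new_ap = bind_key_to_authenticator(root, "ap-18.example.net")
    print("handoff yields a different key:", old_ap != new_ap)
```

Run as a script it prints the single mismatched attribute (the SSID) and shows that the peer would refuse the binding; the key-binding part shows that the same root key yields different keys for different authenticator identities, which is the property the handoff remark above is concerned with, while the peer still cannot tell whether the new identity is a separate box or another part of the same one.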
