| Re: methods and expert reviews | <– Date –> <– Thread –> |
From: Thomas Otto (t.otto sharevolution.de)
|
|
| Date: Fri, 24 Jun 2005 07:36:09 -0400 (EDT) | |
Hi Jesse, regarding Section 2 of your review of EAP-PSK: > 2. TEK, MSK, and EMSK issues > > The derivation of the TEK, MSK, and EMSK depend on only RAND_S and KDK. > This means the peer assumes (i.e., "trusts") that the server generates a > statistically unique RAND_S for each session. If the server fails to > generate a statistically unique RAND_S, then the TEK, MSK, and EMSK are > compromised on each repeated session. The derivation of TEK, MSK and EMSK depend on RB and KDK, where RB is the 16byte random data of the *client*, that is RAND_P (cf. 2.2.1, p.14 ff. in draft-bersani-eap-psk-07.txt). I'm not sure how this circumstance affects your argumentation in Section 2. Regards, Thomas
-
methods and expert reviews Jari Arkko, June 7 2005
-
RE: methods and expert reviews Walker, Jesse, June 11 2005
- Re: methods and expert reviews Thomas Otto, June 24 2005
- Re: methods and expert reviews Thomas Otto, June 24 2005
-
Future of EAP-PSK Thomas Otto, June 30 2005
- Re: Future of EAP-PSK Charles Clancy, June 30 2005
-
RE: methods and expert reviews Walker, Jesse, June 11 2005
- RE: methods and expert reviews Pasi.Eronen, June 13 2005
Results generated by Tiger Technologies using MHonArc.