Subject: Re: Clarifications on "Domino effect"
From: Jari Arkko (jari.arkko
Date: Fri, 29 Jul 2005 19:41:31 -0400 (EDT)

Going through the still open issues...
--Jari
In RFC4017, the Domino effect is described:
This text is also in keying-08.
"Compromise of a single authenticator cannot compromise any other part of the system, including session keys and long-term secrets."
Does this finally imply that the authenticator MUST not provide keys to other entity?
Intuitively, this text may be too broad. An EAP peer, for instance, is a part of "the system", and its traffic at least would be compromised if its authenticator got compromised. And any new EAP peer connecting to the compromised authenticator would also have its traffic exposed. Similarly, the AAA nodes are affected, because they have a secure connection to a compromised node.
I think what we mean is that when one authenticator is compromised, this does not lead to:
o Compromise of long-term secrets in EAP peers, AAA servers, and other authenticators.
o Compromise of session keys other than those associated with a session where the compromised authenticator is or will be a part of.
o Ability of the authenticator to claim to be another authenticator or to offer another type of service when communicating with EAP peers.
--Jari
- Clarifications on "Domino effect" Julien Bournelle, May 4 2005
- Re: Clarifications on "Domino effect" Jari Arkko, July 29 2005
- RE: Clarifications on "Domino effect" Alper Yegin, July 31 2005
- Re: Clarifications on "Domino Effect" Bernard Aboba, July 31 2005
- Re: Re: Clarifications on "Domino Effect" Jari Arkko, July 31 2005
- Re: Re: Clarifications on "Domino Effect" Bernard Aboba, July 31 2005
- Re: Re: Clarifications on "Domino Effect" Jari Arkko, July 31 2005