Issue: EAP Key Manglement Terminology
From: Bernard Aboba (bernard_abobahotmail.com)
Date: Fri, 28 Oct 2005 17:05:59 -0400 (EDT)
***I think the terminology section needs some more clarification on the
distinction of a backend authentication server/AAA server and EAP
server, given that the draft says: "the terms "AAA server" and "backend
authentication server" are used interchangeably." Honestly, I think the
draft might as well say "the terms AAA server, EAP server and backend
authentication server are used interchangeably"

The term "EAP server" is not necessarily synonymous with "AAA server". Remember, in the "stand alone" case the EAP server is the EAP authenticator.

However, I do think it would be useful to use a single term for the
"backend authentication server".

Backend authentication server
     A backend authentication server is an entity that provides an
     authentication service to an authenticator.  When used, this server
     typically executes EAP methods for the authenticator.  This
     terminology is also used in [IEEE-802.1X].

I think the definition of "this server typically executes EAP methods
for the authenticator" should be added to the definition of EAP server.

This is the definition from RFC 3748 and [IEEE 802.1X] so changing could introduce confusion.

***MSK and EMSK definitions talk about export. RFC 3748 terminology does
not include "export", so it is not clear what export means.

The definitions are copied from [RFC3748] without modification. Note that [RFC3748] does include the term "export". See Section 1.2:

  Master Session Key (MSK)
     Keying material that is derived between the EAP peer and server
     and exported by the EAP method.  The MSK is at least 64 octets in
     length.  In existing implementations, a AAA server acting as an
     EAP server transports the MSK to the authenticator.

  Extended Master Session Key (EMSK)
     Additional keying material derived between the EAP client and
     server that is exported by the EAP method.  The EMSK is at least
     64 octets in length.  The EMSK is not shared with the
     authenticator or any other third party.  The EMSK is reserved for
     future uses that are not defined yet.

***PMK definition should be generic.

The term "PMK" was originally defined in IEEE 802.11 and is not used in [RFC3748]. Given this, I'm not clear that it would be appropriate to redefine it in this document. As far as I can tell, everywhere the term "PMK" is used in both IEEE 802.11 and 802.16, it is equivalent to MSK(0,31).

***TEK and TSK both use the word "session keys" as the start of the
definition, whereas they mean completely different "sessions" (if you
will).

It would probably help to make it clear that TEKs relate to the EAP conversation and TSKs relate to data. I think that this may have been described in some of the material that was removed.

***Given that EAP methods produce MSK and EMSK and export (presumably to
the AAA server), it is probably the AAA server that creates the AAA-key
out of the MSK and sends it over? Especially given that we say the EAP server
dumps the MSK after export? Does it dump the MSK and keep the AAA key
then? Do we want to leave this to interpretation?

In -08 the term "AAA-Key" is used only once, within the definition. Several commenters had felt that the term was confusing, so that it has been removed. Perhaps it might be clearer if the following definition were used instead:

AAA-Key
    The term "AAA-Key" is synonymous with MSK.

Given the above definition, the lower layer does not "create" the AAA-Key;
it is passed down to it from the EAP Method.  There has been some
discussion as to whether the lower layer "creates" AMSKs after receiving
the EMSK from the EAP layer, or whether the EAP layer keeps the EMSK
secret from the lower layer and calculates AMSKs from the EMSK based on
a request from the lower layer.

***"The EAP server also decides whether access to some service should be
granted"??? Isn't this the job of AAA server?

The actual quotation is:

  The EAP server also
  stores the peer's identity and/or other information necessary to
  decide whether access to some service should be granted.

So yes, the AAA server makes the decision, but the EAP server stores the information.
