Review of draft-ietf-eap-keying-08.txt
From: Maryline MAKNAVICIUS (Maryline.Maknaviciusint-evry.fr)
Date: Wed, 9 Nov 2005 17:04:10 -0500 (EST)
Hi all,


Please find hereafter few comments on draft-ietf-eap-keying-08.

1. IMHO the meaning of "lower layer" should be clarified and made consistent
throughout the document.
For instance, figure 3 and section 2.3 consider lower layer as including AAA,
while figure 4 and associated explanations of section 2.2 consider AAA and lower
layers separately.

For instance, this does not help in understanding section 2.4.1:
"[a]  The lower layer MAY specify additional restrictions on key usage,
     such as limiting the use of EAP keying material and parameters on
     the EAP peer to the port over which on the EAP conversation was
     conducted."

where I guess lower layer does not correspond to AAA, but I may have
misunderstood.

To clarify, I think a definition of "lower layers" is needed in section 1.2.


2. In section 2.1, a typical conversation with phases is given with no details
on what applies for specific lower layer protocols like IKEv2, PPP, IEEE
802.11i...
However, in section 2.3 (caching), explanations are personalized to each lower
layer protocol, giving clues on how this framework should integrate in each
protocol.

I feel like a section (or an appendix) is missing on how this framework applies
to current lower layer protocols.


3. Other clarifications needed in section 3.2:
"   As a result,  while the lifetime of calculated keys can be less than
   or equal that of the exported keys they are derived from, it cannot
   be greater.  For example, TSK re-key may occur prior to EAP re-
   authentication.
"
I do not understand how the last sentence ("TSK re-key may occur prior to EAP
re-authentication") illustrates that exported keys have a lifetime greater than
or equal to that of derived keys. Maybe to be removed or better explained.


4. Typos:
- section 1.3:
s/known the Key-Lifetime/known as the Key-Lifetime
- section  2.3:
s/As  result,/As a result
s/More details are/More details
- section  2.4.1:
s/packet contain/packet contains
s/AAA server and client/authenticator/AAA server and authenticator's AAA client
- section  3.1:
s/have been and authorized/have been authorized
- section 3.4:
s/the Secure Association Protocol include/the Secure Association Protocol includes
- section 5:
s/achieves it security/achieves its security

Hope this will be of some help


Maryline