issue: distributed authenticators (review of eap-keying-08 by mats naslund)
|
From: Jari Arkko (jari.arkko |
|
Date: Wed, 30 Nov 2005 21:29:27 -0800 (PST)
Submitter name: Mats Naslund
Submitter email address: Mats.Naslund [at] ericsson.com
Reference: (this email)
Document: Keying Framework
Comment type: T
Priority: 1
Section: multiple
Rationale/Explanation of issue:
Encryption Key" (Enc-SEND-Key) (reception is defined from the point
of view of the authenticator). Within [IEEE-802.11i] Octets 0-31
of the MSK (Enc-RECV-Key) are known as the Pairwise Master Key
(PMK). In [IEEE-802.11i] the TKIP and AES CCMP ciphersuites derive
their Transient Session Keys (TSKs) solely from the PMK, whereas
the WEP ciphersuite as noted in [RFC3580], derives its TSKs from
both halves of the MSK.
MN: See comment a few lines down.
Transient EAP Keys (TEKs)
Session keys which are used to establish a protected channel
between the EAP peer and server during the EAP authentication
exchange. The TEKs are appropriate for use with the ciphersuite
negotiated between EAP peer and server for use in protecting the
EAP conversation. The TEKs are stored locally by the EAP method
and are not exported. Note that the ciphersuite used to set up the
protected channel between the EAP peer and server during EAP
authentication is unrelated to the ciphersuite used to subsequently
protect data sent between the EAP peer and authenticator. An
example TEK key hierarchy is described in Appendix A.
Transient Session Keys (TSKs)
Session keys used to protect data exchanged in a session between
the peer and authenticator after the EAP authentication has
successfully completed. TSKs are appropriate for the lower layer
ciphersuite negotiated between the ports of the EAP peer and
authenticator. Examples of TSK derivation are provided in Appendix
B.
MN: Here I have some trouble... This seems to mandate that protection (on the network side) MUST be terminated in the authenticator. In WiMAX, the authenticator is in the AGW, but the session protection is in the BS.
I.e. it is not clear why both PMK and TSK should be shared between the same two entities... Doesn't one shared key suffice?
TSKs are permitted to be accessed only by the EAP peer and authenticator. Since the TSKs can be determined from the transported
MN: does this imply that the authenticator always needs to be in the "base station"? (since the base station will know TSKs)
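The key hierarchy the review is discussing (MSK split into Enc-RECV-Key / Enc-SEND-Key, PMK = octets 0-31 of the MSK, TSKs derived from the PMK by the lower layer) is shown below as an added example; it is not code from the draft, the thread, or any IEEE or IETF document. The TSK step implements the IEEE 802.11i pairwise key expansion (PRF-n over HMAC-SHA1 with the "Pairwise key expansion" label) for the CCMP case, since that is the ciphersuite the quoted text says derives its TSKs solely from the PMK; the WEP case from [RFC3580], which uses both halves, is not modelled. The MSK, MAC addresses and nonces are constructed sample values, and the function and variable names are the example's own.

```python
import hashlib
import hmac

# Constructed 64-octet MSK, stand-in for what an EAP method would export.
# Not a real key; chosen only so the example runs offline.
MSK = bytes(range(64))


def split_msk(msk: bytes) -> tuple[bytes, bytes]:
    """Split the MSK as the keying draft names its halves.

    Octets 0-31 are the Enc-RECV-Key and octets 32-63 the Enc-SEND-Key,
    with "receive"/"send" taken from the authenticator's point of view.
    """
    if len(msk) < 64:
        raise ValueError("MSK must be at least 64 octets")
    return msk[0:32], msk[32:64]


def pmk_from_msk(msk: bytes) -> bytes:
    """IEEE 802.11i: the PMK is octets 0-31 of the MSK (the Enc-RECV-Key).

    The Enc-SEND-Key half is not used by TKIP or CCMP at all.
    """
    enc_recv_key, _enc_send_key = split_msk(msk)
    return enc_recv_key


def prf(key: bytes, label: bytes, data: bytes, nbits: int) -> bytes:
    """IEEE 802.11i PRF-n.

    Concatenates HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ...
    until at least nbits of output exist, then truncates to nbits.
    """
    out = b""
    i = 0
    while len(out) * 8 < nbits:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[: nbits // 8]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes,
               anonce: bytes, snonce: bytes, nbits: int = 384) -> bytes:
    """IEEE 802.11i pairwise key expansion (the TSK step for TKIP/CCMP).

    PTK = PRF-n(PMK, "Pairwise key expansion",
                Min(AA,SPA) || Max(AA,SPA) || Min(ANonce,SNonce) || Max(ANonce,SNonce))
    Min/Max on equal-length byte strings is big-endian numeric order, which
    Python's bytes comparison provides. Only the PMK, the two MAC addresses
    and the two nonces enter the derivation: anyone holding the PMK (and
    seeing the 4-way handshake) can compute the PTK.
    """
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, nbits)


def split_ptk_ccmp(ptk: bytes) -> tuple[bytes, bytes, bytes]:
    """CCMP PTK (384 bits) = KCK (128) || KEK (128) || TK (128)."""
    if len(ptk) != 48:
        raise ValueError("CCMP PTK must be 48 octets")
    return ptk[0:16], ptk[16:32], ptk[32:48]


def demo() -> dict:
    """Run the hierarchy end to end on constructed inputs and return the pieces."""
    # Constructed addresses (locally administered MACs) and nonces; not real.
    aa = bytes.fromhex("020000000001")      # authenticator address
    spa = bytes.fromhex("020000000002")     # supplicant (peer) address
    anonce = bytes(32)
    snonce = bytes([0x01] * 32)

    enc_recv_key, enc_send_key = split_msk(MSK)
    pmk = pmk_from_msk(MSK)
    ptk = derive_ptk(pmk, aa, spa, anonce, snonce)
    kck, kek, tk = split_ptk_ccmp(ptk)
    return {
        "enc_recv_key": enc_recv_key, "enc_send_key": enc_send_key,
        "pmk": pmk, "ptk": ptk, "kck": kck, "kek": kek, "tk": tk,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:12s} {value.hex()}")
```

The check relevant to the review's question is that `derive_ptk` is a pure function of the PMK plus handshake values: if the PMK is handed from the entity that ran EAP (the authenticator, in the AGW) to the entity that protects the air link (the BS), the BS can derive the TSKs without ever seeing the MSK or the Enc-SEND-Key half, which is exactly the sharing the quoted text appears not to allow.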
- issue: distributed authenticators (review of eap-keying-08 by mats naslund) Jari Arkko, November 30 2005
- RE: issue: distributed authenticators (review of eap-keying-08 by mats naslund) Bernard Aboba, November 30 2005
- Re: issue: distributed authenticators (review of eap-keying-08 by mats naslund) Jari Arkko, December 2 2005