issue: counter length (review of eap-keying-08 by mats naslund)

From: Jari Arkko (jari.arkko
Date: Wed, 30 Nov 2005 21:30:44 -0800 (PST)
Submitter name: Mats Naslund
Submitter email address: Mats.Naslund [at] ericsson.com
Reference: (this email)
Document: Keying Framework
Comment type: T
Priority: 1
Section: multiple
Rationale/Explanation of issue:

Lower Layer
The lower layer Secure Association Protocol MUST generate a fresh
session key for each session, even if the keying material and
parameters provided by EAP methods are cached, or the peer or
authenticator lacks a high entropy random number generator. A
RECOMMENDED method is for the peer and authenticator to each
provide a nonce or counter of at least 128 bits, used in session
key derivation.

MN: If it is a counter, I don't see why it needs to be 128 bits... Only a few bits will change anyway each time a new key is generated.
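
The following is an added example, not part of the original message or of the draft it quotes. It shows cached keying material combined with a per-session contribution from each side to give a fresh session key, and what happens when counter state is lost. The HMAC-SHA256 construction, the label string and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MIN_LEN = 16  # 128 bits, the minimum contribution length in the quoted text

def derive_session_key(cached_key: bytes, peer_value: bytes, auth_value: bytes) -> bytes:
    """Assumed KDF: HMAC-SHA256 keyed with the cached EAP keying material."""
    for value in (peer_value, auth_value):
        if len(value) < MIN_LEN:
            raise ValueError("contribution shorter than 128 bits")
    # Length-prefix each field so two different pairs never encode identically.
    fields = (b"session-key", peer_value, auth_value)
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(cached_key, msg, hashlib.sha256).digest()

class Counter:
    """Monotonic counter encoded as a fixed-width 128-bit big-endian value."""
    def __init__(self, start: int = 0):
        self.value = start

    def next(self) -> bytes:
        self.value += 1
        return self.value.to_bytes(MIN_LEN, "big")

def session_keys(cached_key: bytes, peer_values, auth_values) -> list:
    """Derive one key per session from paired contributions."""
    return [derive_session_key(cached_key, p, a) for p, a in zip(peer_values, auth_values)]

def counters_then_reset(cached_key: bytes) -> tuple:
    """Both sides use counters; both lose state and restart from zero."""
    before = derive_session_key(cached_key, Counter().next(), Counter().next())
    after = derive_session_key(cached_key, Counter().next(), Counter().next())
    return before, after  # identical: the session key repeats

def counter_plus_nonce_then_reset(cached_key: bytes) -> tuple:
    """Peer counter resets, but the authenticator supplies a random nonce."""
    before = derive_session_key(cached_key, Counter().next(), os.urandom(MIN_LEN))
    after = derive_session_key(cached_key, Counter().next(), os.urandom(MIN_LEN))
    return before, after  # different: the nonce restores freshness

if __name__ == "__main__":
    key = bytes(32)  # constructed stand-in for cached keying material
    peer, auth = Counter(), Counter()
    keys = session_keys(key, [peer.next() for _ in range(4)], [auth.next() for _ in range(4)])
    print(len(set(keys)) == 4, counters_then_reset(key)[0] == counters_then_reset(key)[1])
```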