RE: issue: ciphersuites and key lengths (review of eap-keying-08 by mats naslund)

From: Bernard Aboba (bernard_aboba
Date: Wed, 30 Nov 2005 22:49:43 -0800 (PST)

In RFC 3748, both the MSK and EMSK are required to be at least 64+ Octets in length. So all exported keying material is large, not just the MSK.
Since the lower layer ciphersuites vary between media, if the EAP keying material
were not large enough (or did not have enough entropy) to handle any ciphersuite, then EAP keying
material would not be usable on all media, and media independence would be compromised.
So I guess you can say that Ciphersuite independence is a requirement for Media
Independence, and to obtain ciphersuite independence, exported EAP keying material
needs to be large (with sufficient key entropy).
I am not sure what mode independence has to do with this, though. That seems orthogonal.

From: Jari Arkko <jari.arkko [at] piuha.net>
To: eap [at] frascone.com
CC: "Mats Näslund (KI/EAB)" <mats.naslund [at] ericsson.com>
Subject: [eap] issue: ciphersuites and key lengths (review of eap-keying-08 by mats naslund)
Date: Thu, 01 Dec 2005 07:29:52 +0200

Submitter name: Mats Naslund
Submitter email address: Mats.Naslund [at] ericsson.com
Reference: (this email)
Document: Keying Framework
Comment type: T
Priority: 1
Section: multiple
Rationale/Explanation of issue:

Ciphersuite Independence is a consequence of the principles of Mode Independence and Media Independence.
MN: I don't agree. Suppose that the MSK had been only 80 bits rather than 64 bytes. We could then not have satisfied security requirements on 256-bit key cipher suites. Now, the MSK's 64 bytes are so huge that it is sufficient for all "practical" cipher suites. But I still claim it does not follow as a consequence from Mode and Media independence alone. There is an implicit assumption that enough "key entropy" is available.
Since the ciphersuites used to protect data depend on the lower layer, requiring EAP methods have knowledge of lower layer ciphersuites would compromise the principle of Media Independence.
MN: yes, to avoid needing to know key requirements, the MSK has been chosen to be "large enough for all practical use"
Since ciphersuite negotiation occurs in the lower layer, there is no need for ciphersuite negotiation within EAP, and EAP methods generate keying material that is ciphersuite-independent.
MN: ...thanks to the fact that the MSK is so large.