eap Mailing List: Re: Issue: Use of term lower layer

[Jari Arkko (jari.arkko]

Salowey, Joe wrote:

> The term lower layer is used inconsistently in the document. 
>
> Lower layer should refer to the protocol between the EAP Peer and the
> EAP Authenticator.  It is between these entities that the security
>  
Yes. This also seems consistent with the RFC 3748
definition:

  [a] Lower layer.  The lower layer is responsible for transmitting and
      receiving EAP frames between the peer and authenticator.  ...

> association protocol is typically run.  The MSK is transported to the
> lower layer. 
>
> AAA is not an EAP lower layer except in the special case where the AAA
> client and server are acting as the EAP Peer and EAP Authenticator for
> some reason (an example of this could was in EUSM).  Entities other than
> the lower layer may obtain keys derived from the EMSK.  
>  
I fear we may have some descriptions where EAP provides
some information "to the lower layer", and we need to make
sure that such text is changed so that it fits both the AAA and
integrated cases, without breaking mode independence.

> Requested change:
>
> Section 2.1
> ----------- 
> change
>
> "Of these phases, Phase 0, 1b and Phase 2 are handled by a lower layer."
>
> To 
>
> "Of these phases, Phase 0, 1b and Phase 2 are handled external to EAP.
> Phases 0 and 2 are handled by the lower layer protocol and phase 1b is
> typically handled by a AAA protocol."
>  
Ok.

> Section 2.2
> ------------
> (remove references to IV)
> ---
> Change
>
> "The EMSK MUST NOT be provided to the lower layer, nor is it permitted
> to pass any quantity to the lower layer from which the EMSK could be
> computed without breaking some cryptographic assumption, such as
> inverting a one-way function."
>
> To
>
> "The EMSK MUST NOT be provided to an entity outside the EAP server or
> peer, 
> nor is it permitted to pass any quantity to an entity outside the EAP
> server or peer
> from which the EMSK could be
> computed without breaking some cryptographic assumption, such as
> inverting a one-way function."
>  
Ok.

> ---
> Change 
>
> "In order to preserve the security of keys derived within EAP methods,
>   lower layers other than AAA MUST NOT export keys passed down by EAP
>   methods.  "
>
> To 
>
> "In order to preserve the security of keys derived within EAP methods,
> lower layers MUST NOT export keys passed down by EAP
> methods.  "
>  
Ok, I think...

> ---
> Change
>
> "EAP keying material and parameters provided to a lower layer other
>   than AAA MUST NOT be transported to another entity."
>
> To
>
> "EAP keying material and parameters provided to a lower layer MUST NOT
> be transported to another entity."
>  
Seems to prohibit distributed authenticators, including
802.11r. I'd be OK with this if we didn't exclude transportation
of keys derived from the provided keys.

> ---
> Change
>
> "The exception to the "no sharing" rule is the AAA layer.  On EAP
>   server, keying material requested by and passed down to the AAA layer
>   may be replicated to the AAA layer on the authenticator.   On the
>   authenticator, the AAA layer may provide the replicated keying
>   material to the lower layer over which the EAP authentication
>   conversation took place.  This enables "mode independence" to be
>   maintained. "
>
> To 
>
> "The AAA layer may transport keys that are exported from the EAP server.
> On EAP
>   server, keying material requested by and passed down to the AAA layer
>   may be replicated to the AAA layer on the authenticator.   On the
>   authenticator, the AAA layer may provide the replicated keying
>   material to the lower layer over which the EAP authentication
>   conversation took place.  This enables "mode independence" to be
>   maintained."
>  
Ok.

> -----------
> Section 2.3
> -----------
>
> Change 
> "The caching behavior of existing EAP lower layers is as follows:"
> To
> "The caching behavior of existing EAP lower layers and AAA layers is as
> follows:"
>  
Ok. Maybe s/AAA layers/AAA/

--Jari