eap Mailing List: Re: Issue: Use of term lower layer

[Jari Arkko (jari.arkko]

Julien Bournelle wrote:

> Hi all,
>
> On Thu, Dec 01, 2005 at 03:05:49PM -0800, Salowey, Joe wrote:
>  
>
> > Submitter name: Joe Salowey
> > Submitter email address: jsalowey [at] cisco.com
> > Date first submitted: 12/1/2005
> > Reference: 
> > Document: Keying Framework
> > Comment type: E
> > Priority: '1' Should fix 
> > Section: 2 
> > Rationale/Explanation of issue:
> >
> > The term lower layer is used inconsistently in the document. 
> >
> > Lower layer should refer to the protocol between the EAP Peer and the
> > EAP Authenticator.  It is between these entities that the security
> > association protocol is typically run.  The MSK is transported to the
> > lower layer. 
> >    
>
> just a question: what do we mean here by the security association
> protocol ? the protocol used to secure the access (e.g. IKE or 4
> way-handshake) or the EAP lower-layer ?
>
>  
Figure 2 and Section 3.1 should define this... let us know
otherwise. Its the client - NAS protocol to run after EAP has
completed.

> I ask the question because in PANA, we have this distinction. From the
> AAA-Key, we derived the PANA_MAC_Key which is used to protect further
> PANA signaling between the EAP client (PaC) and the EAP Authenticator
> (PAA). We also derive a key from the AAA-Key which can be used as an
> IKE psk between the EAP peer (PaC) and the Enforcement Point located in
> the AR (cf. draft-ietf-pana-ipsec-xx.txt).
>
>  
I think that's fine.

--Jari