Re: Issue: Use of term lower layer

From: Yoshihiro Ohba (yohba
Date: Tue, 13 Dec 2005 07:44:10 -0800 (PST)

I think there is an issue. In the eap-keying draft, secure association protocol is to be run between the peer and authenticator, but in draft-ietf-pana-pana and draft-ietf-pana-framework, secure association protocol is to be run between PaC and EP, where EP in the PANA model does not have authenticator functionality.

We could resolve this issue by revising the definition of secure association protocol such that it is run between peer port and authenticator port. This is not bad because the secure association protocol is for a particular pair of ports.

Yoshihiro Ohba

On Tue, Dec 13, 2005 at 02:42:31PM +0200, Jari Arkko wrote:
> Julien Bournelle wrote:
>
> >Hi all,
> >
> >On Thu, Dec 01, 2005 at 03:05:49PM -0800, Salowey, Joe wrote:
> >
> >>Submitter name: Joe Salowey
> >>Submitter email address: jsalowey [at] cisco.com
> >>Date first submitted: 12/1/2005
> >>Reference:
> >>Document: Keying Framework
> >>Comment type: E
> >>Priority: '1' Should fix
> >>Section: 2
> >>Rationale/Explanation of issue:
> >>
> >>The term lower layer is used inconsistently in the document.
> >>
> >>Lower layer should refer to the protocol between the EAP Peer and the
> >>EAP Authenticator. It is between these entities that the security
> >>association protocol is typically run. The MSK is transported to the
> >>lower layer.
> >>
> >
> >just a question: what do we mean here by the security association
> >protocol? the protocol used to secure the access (e.g. IKE or 4
> >way-handshake) or the EAP lower-layer?
> >
> Figure 2 and Section 3.1 should define this... let us know
> otherwise. It's the client - NAS protocol to run after EAP has
> completed.
>
> >I ask the question because in PANA, we have this distinction. From the
> >AAA-Key, we derived the PANA_MAC_Key which is used to protect further
> >PANA signaling between the EAP client (PaC) and the EAP Authenticator
> >(PAA). We also derive a key from the AAA-Key which can be used as an
> >IKE psk between the EAP peer (PaC) and the Enforcement Point located in
> >the AR (cf. draft-ietf-pana-ipsec-xx.txt).
> >
> I think that's fine.
>
> --Jari
>
> _________________________________________________________________
> To unsubscribe or modify your subscription options, please visit:
> http://lists.frascone.com/mailman/listinfo/eap
>
> Archives: http://lists.frascone.com/pipermail/eap