Re: Issue: Use of term lower layer

From: Jari Arkko (jari.arkko
Date: Tue, 13 Dec 2005 08:20:00 -0800 (PST)

Yes. But would issue 313 (distributed authenticators) also solve the problem?

Yoshihiro Ohba wrote:

>I think there is an issue.
>
>In the eap-keying draft, secure association protocol is to be run
>between the peer and authenticator, but in draft-ietf-pana-pana and
>draft-ietf-pana-framework, secure association protocol is to be run
>between PaC and EP, where EP in the PANA model does not have
>authenticator functionality.
>
>We could resolve this issue by revising the definition of secure
>association protocol such that it is run between peer port and
>authenticator port. This is not bad because the secure association
>protocol is for a particular pair of ports.
>
>Yoshihiro Ohba
>
>On Tue, Dec 13, 2005 at 02:42:31PM +0200, Jari Arkko wrote:
>
>>Julien Bournelle wrote:
>>
>>>Hi all,
>>>
>>>On Thu, Dec 01, 2005 at 03:05:49PM -0800, Salowey, Joe wrote:
>>>
>>>>Submitter name: Joe Salowey
>>>>Submitter email address: jsalowey [at] cisco.com
>>>>Date first submitted: 12/1/2005
>>>>Reference:
>>>>Document: Keying Framework
>>>>Comment type: E
>>>>Priority: '1' Should fix
>>>>Section: 2
>>>>Rationale/Explanation of issue:
>>>>
>>>>The term lower layer is used inconsistently in the document.
>>>>
>>>>Lower layer should refer to the protocol between the EAP Peer and the
>>>>EAP Authenticator. It is between these entities that the security
>>>>association protocol is typically run. The MSK is transported to the
>>>>lower layer.
>>>
>>>just a question: what do we mean here by the security association
>>>protocol ? the protocol used to secure the access (e.g. IKE or 4
>>>way-handshake) or the EAP lower-layer ?
>>
>>Figure 2 and Section 3.1 should define this... let us know
>>otherwise. It's the client - NAS protocol to run after EAP has
>>completed.
>>
>>>I ask the question because in PANA, we have this distinction. From the
>>>AAA-Key, we derived the PANA_MAC_Key which is used to protect further
>>>PANA signaling between the EAP client (PaC) and the EAP Authenticator
>>>(PAA). We also derive a key from the AAA-Key which can be used as an
>>>IKE psk between the EAP peer (PaC) and the Enforcement Point located in
>>>the AR (cf. draft-ietf-pana-ipsec-xx.txt).
>>
>>I think that's fine.
>>
>>--Jari
>>
>>_________________________________________________________________
>>To unsubscribe or modify your subscription options, please visit:
>>http://lists.frascone.com/mailman/listinfo/eap
>>
>>Archives: http://lists.frascone.com/pipermail/eap