RE: Issue: Requirement on transport of EAP keying material
From: Nakhjiri Madjid-MNAKHJI1 (Madjid.Nakhjirimotorola.com)
Date: Thu, 5 Jan 2006 09:41:55 -0800 (PST)
I don't see how the proposed change makes anything any different? 

-----Original Message-----
From: Salowey, Joe [mailto:jsalowey [at] cisco.com] 
Sent: Thursday, December 01, 2005 5:14 PM
To: eap [at] frascone.com
Subject: [eap] Issue: Requirement on transport of EAP keying material

Submitter name: Joe Salowey
Submitter email address: jsalowey [at] cisco.com
Date first submitted: 12/1/2005
Reference:
Document: Keying Framework
Comment type: 'T'echnical
Priority: '1' Should fix
Section: 2.2
Rationale/Explanation of issue:

The document states 

"In order to prevent the compromise of
   transported EAP keying material and parameters, the AAA client and
   EAP authenticator MUST be co-resident."

It could be possible for the EAP authenticator to use another secure
protocol other than a AAA protocol to transport EAP key material.  

Requested change:

"In order to prevent the compromise of
   transported EAP keying material and parameters they MUST be securely
transmitted from the entity that hosts the EAP server to the entity that
hosts the EAP authenticator and makes use of the key material."