Proposed Resolution to Issue 316: Counter Length

From: Bernard Aboba (bernard_aboba
Date: Sun, 8 Jan 2006 10:34:03 -0800 (PST)

The text of Issue 316 is available here: http://www.drizzle.com/~aboba/EAP/eapissues3.html#Issue%20316
The Proposed Resolution is as follows:
In Section 5.8, change:
"Lower Layer The lower layer Secure Association Protocol MUST generate a fresh session key for each session, even if the keying material and parameters provided by EAP methods are cached, or the peer or authenticator lacks a high entropy random number generator. A RECOMMENDED method is for the peer and authenticator to each provide a nonce or counter of at least 128 bits, used in session key derivation. "
To:
"Lower Layer The lower layer Secure Association Protocol MUST generate a fresh session key for each session, even if the keying material and parameters provided by EAP methods are cached, or the peer or authenticator lack a high entropy random number generator. A RECOMMENDED method is for the peer and authenticator to each provide a nonce or counter used in session key derivation. If a nonce is used, it is RECOMMENDED that it be at least 128 bits."
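
Added example (not part of the original message or of the EAP draft it quotes): a sketch of the recommended method, in which the peer and authenticator each contribute a nonce or a counter that is mixed with cached keying material to give a fresh session key. The HMAC-SHA256 construction, the "session key" label and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16  # 128 bits, the minimum the proposed text recommends for a nonce


def derive_session_key(cached_key: bytes, peer_value: bytes, auth_value: bytes) -> bytes:
    """Mix both parties' fresh values into the cached keying material."""
    if not peer_value or not auth_value:
        raise ValueError("both peer and authenticator must contribute a value")
    # Length-prefix every field so (b"ab", b"c") and (b"a", b"bc") stay distinct.
    fields = (b"session key", peer_value, auth_value)  # label is an assumption
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(cached_key, msg, hashlib.sha256).digest()


def fresh_nonce() -> bytes:
    """Random nonce: uniqueness is only probabilistic, so its length matters."""
    return secrets.token_bytes(NONCE_LEN)


class SessionCounter:
    """Counter: uniqueness comes from never reusing a value, not from length.

    Needs no random number generator, but the state must survive restarts
    (persistence is not shown here).
    """

    def __init__(self, start: int = 0, width: int = 4):
        self.value, self.width = start, width

    def next(self) -> bytes:
        if self.value >= 2 ** (8 * self.width) - 1:
            raise OverflowError("counter exhausted; replace the cached key")
        self.value += 1
        return self.value.to_bytes(self.width, "big")


def demo():
    cached = bytes(32)  # constructed stand-in for cached keying material
    peer_ctr, auth_ctr = SessionCounter(), SessionCounter()
    by_counter = [derive_session_key(cached, peer_ctr.next(), auth_ctr.next())
                  for _ in range(3)]
    by_nonce = [derive_session_key(cached, fresh_nonce(), fresh_nonce())
                for _ in range(3)]
    return by_counter, by_nonce
```
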