Proposed Resolution to Issue 323: AAA Key Cache
From: Bernard Aboba (bernard_aboba
Date: Sun, 8 Jan 2006 10:37:56 -0800 (PST)
The text of Issue 323 is available here: http://www.drizzle.com/~aboba/EAP/eapissues3.html#Issue%20323
The proposed resolution is as follows:
Change the text in Section 2.3 to the following:
"AAA
Existing AAA client, proxy and server implementations supporting RADIUS/EAP [RFC3579] or Diameter EAP [RFC4072] do not support caching of EAP keying material or parameters. In existing AAA client, proxy and server implementations, exported EAP keying material (MSK, EMSK and IV) as well as parameters and derived keys are not cached and MUST be presumed lost after the AAA exchange completes.
In order to avoid key reuse, the AAA layer MUST delete transported keys once they are sent. The AAA layer MUST NOT retain keys that it has previously sent. For example, a AAA layer that has transported the MSK MUST delete it, and keys MUST NOT be derived from the MSK from that point forward."
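The delete-after-transport rule in the proposed text, as an added C sketch that is not part of the original message or of any AAA implementation. The struct, function names, transport hook and the fixed 64-octet key size are all hypothetical choices made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MSK_LEN 64 /* example size; RFC 3748 requires an MSK of at least 64 octets */

/* Hypothetical per-session state held by the AAA layer. */
struct aaa_session {
    uint8_t msk[MSK_LEN];
    int msk_present; /* 1 only until the MSK has been transported */
};

/* Hypothetical transport hook (e.g. the code that encodes the key attribute). */
typedef int (*aaa_send_fn)(const uint8_t *key, size_t len, void *ctx);

/* Zero through a volatile pointer so the stores are not optimized away. */
static void wipe(void *p, size_t n) {
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--) *v++ = 0;
}

void aaa_session_load_msk(struct aaa_session *s, const uint8_t *msk) {
    memcpy(s->msk, msk, MSK_LEN);
    s->msk_present = 1;
}

/* Send the MSK at most once, then delete it. This sketch also wipes when the
 * send fails (an assumption: the exchange is over either way). */
int aaa_transport_msk(struct aaa_session *s, aaa_send_fn send, void *ctx) {
    if (!s->msk_present) return -1; /* nothing retained, nothing to resend */
    int rc = send(s->msk, MSK_LEN, ctx);
    wipe(s->msk, MSK_LEN);
    s->msk_present = 0;
    return rc;
}

/* Single gate for any key derivation: NULL once the MSK has been transported. */
const uint8_t *aaa_msk_for_derivation(const struct aaa_session *s) {
    return s->msk_present ? s->msk : NULL;
}

/* Constructed stand-in transport: copies the key into the caller's buffer. */
int demo_send(const uint8_t *key, size_t len, void *ctx) {
    memcpy(ctx, key, len);
    return 0;
}
```

Routing every derivation through the one accessor is what makes "keys MUST NOT be derived from the MSK from that point forward" enforceable in code review: any direct read of the `msk` field elsewhere is a finding.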