PANA and EAP keying framework

From: Yoshihiro Ohba (yohba
Date: Mon, 9 Jan 2006 19:03:03 -0800 (PST)

Description of issue
Submitter name: Yoshihiro Ohba
Submitter email address: yohba [at] tari.toshiba.com
Date first submitted: Insert_Date_Here
Reference:
Document: Keying Framework
Comment type: 'T'
Priority: '1'
Section: 2.3
Rationale/Explanation of issue: It would be useful to add some
description on how PANA handles the caching of EAP keying material and
the generation of transient session keys.
Requested change:
Add the following description in Section 2.3:
"
PANA
PANA [I-D.ietf-pana-pana] supports caching of the MSK, but not
the EMSK, IV, Session-ID, Peer-ID or Server-ID. In the PANA
model [I-D.ietf-pana-framework], TSKs are generated using a
Secure Association Protocol between the peer and
authenticator port (which is referred to as an Enforcement
Point), where both link-layer specific key exchange protocols and
IKE can be used as the Secure Association Protocol depending on
whether link-layer ciphering or IPsec is used between the peer
and the authenticator port. The key scope and lifetime of the
TSKs are communicated from the authenticator to the peer. The
key scope is specified as a list of device identifiers of the
Enforcement Points. Depending on the Secure Association
Protocol in use, TSK rekey is possible without EAP
re-authentication.
"