Re: PANA and EAP keying framework

From: Yoshihiro Ohba (yohba
Date: Tue, 10 Jan 2006 08:21:13 -0800 (PST)
On Mon, Jan 09, 2006 at 10:59:25PM -0800, Bernard Aboba wrote:
> > TSKs are generated using a Secure Association Protocol
>
> Can you elaborate on this? If the TSKs are generated via an IKE DH
> exchange, with the MSK used only for authentication (as in IKEv2/EAP) then
> the TSKs are not dependent on the MSK and PFS is possible, right?

Yes. When IKE is used as the SAP, the IKE PSK derived from the MSK is used only for peer entity authentication for the IKE DH, and thus PFS is possible. On the other hand, when the IEEE 802.11i 4-way handshake is used as the SAP, PFS is possible if the negotiated EAP method supports this.

> > between the peer and authenticator port
>
> Not sure I understand this. The SAP exchange is between the peer and
> authenticator, not between specific ports. However, a result of the SAP
> exchange can be derivation of TSKs which are bound to specific ports.

Since an authenticator port is part of the authenticator, it does not seem to conflict with the statement that the SAP exchange is between the peer and authenticator.

> > Point), where both link-layer specific key exchange protocols and
> > IKE can be used as the Secure Association Protocol depending on
> > whether link-layer ciphering or IPsec is used between the peer
> > and the authenticator port.
>
> What is a "link-layer specific key exchange protocol"? Are we talking
> about existing SAPs such as 802.11i 4-way handshake, or something else?

Yes, the 802.11i 4-way handshake is a link-layer specific key exchange protocol.

> > The key scope and lifetime of the
> > TSKs are communicated from the authenticator to the peer.
>
> How? IKE does not define explicit lifetimes, nor does it care about key
> scope because it doesn't support caching.

The lifetime of the PANA session is carried in a PANA message. This lifetime is the same as the authorization lifetime, which is also the same as the lifetime of the MSK.

Then, draft-ietf-pana-ipsec specifies that when IKE is used as the SAP, the lifetime of the IKE SA is bound to the lifetime of the MSK.

Regarding the key scope, it is important for the peer to know which authenticator ports (Enforcement Points) belong to the authenticator the peer is communicating with. This fact does not seem to depend on the type of the SAP. The list of EPs clearly defines the key scope.

> > The key scope is specified as a list of device identifiers of the
> > Enforcement Points.
>
> This doesn't make sense where IKE is used as the SAP unless we are talking
> about MOBIKE (which can move SAs between addresses).

Even without mobility, the peer can choose any one or more of the EPs to secure data traffic using IPsec (e.g., for load balancing purposes). The list of EPs can make sense to help the peer know the choices.

Yoshihiro Ohba
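The two bindings argued in the reply above, key scope as a list of EP device identifiers and IKE SA lifetime bounded by the MSK lifetime, modelled as a small added example (not code from the thread or from the PANA drafts). The per-EP PSK derivation, the label string and the session values are constructed assumptions for illustration, not the formula in draft-ietf-pana-ipsec.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass
class PanaSession:
    """State the peer holds after a successful PANA/EAP run."""
    session_id: bytes
    msk: bytes            # MSK exported by the EAP method
    msk_lifetime: int     # seconds; equals the PANA authorization lifetime
    ep_ids: list          # key scope: device identifiers of the EPs announced
                          # by the authenticator (constructed sample values)


def in_scope(session: PanaSession, ep_id: bytes) -> bool:
    """An EP is a valid IPsec endpoint only if the authenticator listed it."""
    return ep_id in session.ep_ids


def derive_ep_psk(session: PanaSession, ep_id: bytes, key_id: int) -> bytes:
    """Per-EP IKE pre-shared key derived from the MSK.

    Assumed derivation for this example: HMAC-SHA256 keyed with the MSK over a
    label, the session id, a key id and the EP device id, so that each EP in
    the scope gets a distinct PSK and an EP outside the scope gets none. The
    PSK only authenticates the IKE DH exchange; the TSKs come from the DH.
    """
    if not in_scope(session, ep_id):
        raise ValueError("EP is outside the key scope announced by the authenticator")
    info = (b"EXAMPLE-PANA-EP-PSK" + session.session_id
            + key_id.to_bytes(4, "big") + ep_id)
    return hmac.new(session.msk, info, hashlib.sha256).digest()


def ike_sa_lifetime(session: PanaSession, elapsed: int, requested: int) -> int:
    """IKE SA lifetime bound to the remaining MSK lifetime.

    `elapsed` is the time since the MSK was established; the SA may never
    outlive the MSK, so the granted lifetime is clipped to what remains.
    """
    remaining = session.msk_lifetime - elapsed
    if remaining <= 0:
        raise ValueError("MSK expired; re-authenticate before setting up an IKE SA")
    return min(requested, remaining)
```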