RE: Proposed Resolution to Issue 314: AAA-Key Confusion
From: Nakhjiri Madjid-MNAKHJI1 (Madjid.Nakhjirimotorola.com)
Date: Tue, 10 Jan 2006 13:56:13 -0800 (PST)
Other parts of the text seem to rightfully imply that the keys are
transported at the AAA layer, i.e. from AAA server through possibly AAA
proxies to AAA client, so why are we saying "transported from the EAP
server to the authenticator"??
Should say "AAA server to the AAA client" or "from the home AAA server
to the authenticator through the AAA client".

Madjid

-----Original Message-----
From: Bernard Aboba [mailto:bernard_aboba [at] hotmail.com] 
Sent: Sunday, January 08, 2006 12:31 PM
To: eap [at] frascone.com
Subject: [eap] Proposed Resolution to Issue 314: AAA-Key Confusion

The text of Issue 314 is available here:
http://www.drizzle.com/~aboba/EAP/eapissues3.html#Issue%20314

The Proposed Resolution is as follows:


In Section 2.1, change:

"  An additional step (phase 1b) is required in deployments which
  include a backend authentication server, in order to transport keying
  material from the backend authentication server to the authenticator.
  In order to obey the principle of Mode Independence, where a backend
  server is present AAA Key transport needs to provide the exported EAP
  keying material and/or derived keys required for derivation of the
  TSKs.  Since existing TSK derivation techniques depend solely on the
  MSK, in existing AAA implementations, this is the only keying
  material replicated in the AAA key transport phase 1b. "

To:

" An additional step (phase 1b) is required in deployments which
  include a backend authentication server, in order to transport keying
  material from the backend authentication server to the authenticator.
  In order to obey the principle of Mode Independence, where a backend
  server is present, all keying material which is required by the lower
  layer needs to be transported from the EAP server to the authenticator.
  Since existing TSK derivation techniques depend solely on the
  MSK, in existing implementations, this is the only keying
  material replicated in the AAA key transport phase 1b. "

