Re: Proposed Resolution to Issue 316: Counter Length

From: Jari Arkko (jari.arkko
Date: Wed, 11 Jan 2006 02:23:32 -0800 (PST)

Ok.
Bernard Aboba wrote:
The text of Issue 316 is available here: http://www.drizzle.com/~aboba/EAP/eapissues3.html#Issue%20316
The Proposed Resolution is as follows:
In Section 5.8, change:
"Lower Layer The lower layer Secure Association Protocol MUST generate a fresh session key for each session, even if the keying material and parameters provided by EAP methods are cached, or the peer or authenticator lacks a high entropy random number generator. A RECOMMENDED method is for the peer and authenticator to each provide a nonce or counter of at least 128 bits, used in session key derivation."
To:
"Lower Layer The lower layer Secure Association Protocol MUST generate a fresh session key for each session, even if the keying material and parameters provided by EAP methods are cached, or the peer or authenticator lack a high entropy random number generator. A RECOMMENDED method is for the peer and authenticator to each provide a nonce or counter used in session key derivation. If a nonce is used, it is RECOMMENDED that it be at least 128 bits."
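The recommendation in the proposed text, sketched as an added example that is not part of the original messages or of any lower layer specification: a cached key is mixed with a contribution from each side so that every session gets a fresh key, where a counter is accepted at any length as long as it advances and a nonce is required to be at least 128 bits. HMAC-SHA256 as the derivation function, the `Endpoint` class, the 8-byte counter width and the receiver-side checks are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

NONCE_BYTES = 16  # 128 bits: the RECOMMENDED minimum when a nonce is used


def derive_session_key(cached_key, peer_value, auth_value):
    # HMAC-SHA256 is a stand-in KDF (assumption), not a real lower layer's.
    msg = b"example session key"
    for value in (peer_value, auth_value):
        # Length-prefix each contribution so the two cannot be re-split.
        msg += len(value).to_bytes(2, "big") + value
    return hmac.new(cached_key, msg, hashlib.sha256).digest()


class Endpoint:
    """Hypothetical peer or authenticator contributing a counter or a nonce."""

    def __init__(self, use_counter):
        self.use_counter = use_counter
        self.counter = 0       # in practice this must persist while the key is cached
        self.remote_high = 0   # highest counter accepted from the other side

    def contribution(self):
        if self.use_counter:
            # Never repeats by construction, so no RNG and no 128-bit length needed.
            self.counter += 1
            return self.counter.to_bytes(8, "big")
        return secrets.token_bytes(NONCE_BYTES)

    def accept(self, value, is_counter):
        if is_counter:
            n = int.from_bytes(value, "big")
            if n <= self.remote_high:
                raise ValueError("counter did not advance")
            self.remote_high = n
        elif len(value) < NONCE_BYTES:
            raise ValueError("nonce shorter than 128 bits")


def establish(cached_key, peer, auth):
    """One session: exchange contributions, check them, derive the key."""
    p, a = peer.contribution(), auth.contribution()
    auth.accept(p, peer.use_counter)
    peer.accept(a, auth.use_counter)
    return derive_session_key(cached_key, p, a)
```

Calling `establish` twice with the same cached key and the same two endpoints yields two different session keys, whether the endpoints use counters, nonces, or one of each.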
- Proposed Resolution to Issue 316: Counter Length Bernard Aboba, January 8 2006
- Re: Proposed Resolution to Issue 316: Counter Length Jari Arkko, January 11 2006