Subject: RE: Proposed Resolution of Issue 320: Use of term Lower Layer
From: Salowey, Joe (jsalowey
Date: Tue, 24 Jan 2006 23:26:10 -0800 (PST)
This looks good to me.

> -----Original Message-----
> From: Bernard Aboba [mailto:bernard_aboba [at] hotmail.com]
> Sent: Monday, January 23, 2006 7:32 AM
> To: bernard_aboba [at] hotmail.com; eap [at] frascone.com
> Subject: RE: [eap] Proposed Resolution of Issue 320: Use of term Lower Layer
>
> One more:
>
> Change the first two paragraphs of Section 2.2 to:
>
> "As illustrated in Figure 3, on completion of EAP authentication, EAP methods export the Master Session Key (MSK), Extended Master Session Key (EMSK), Peer-ID, Server-ID, Session-ID and Key-Lifetime to the EAP peer or authenticator layers. The Initialization Vector (IV) is deprecated.
>
> The EAP peer and authenticator layers MUST NOT modify or cache keying material or parameters (including Channel Bindings) passing in either direction between the EAP method layer and the EAP layer. The EAP layer also MUST NOT cache keying material or parameters (including Channel Bindings) passed to it, whether by the EAP peer/authenticator layer, the lower layer or the AAA layer."
>
> >Additional changes required to resolve this issue:
> >
> >Change:
> >
> >"Existing EAP lower layers handle the caching of EAP keying material and the generation of transient session keys in different ways:"
> >
> >To:
> >
> >"Existing EAP lower layers and AAA layers handle the caching of EAP keying material and the generation of transient session keys in different ways:"
> >
> >Change "Lower Layer" to "Lower Layer or AAA" in Figure 3.
> >
> >>The text of Issue 320 is enclosed below. The proposed resolution is to accept the changes, with modifications to one of the suggestions as follows:
> >>
> >>Change
> >>
> >>"The exception to the "no sharing" rule is the AAA layer. On EAP server, keying material requested by and passed down to the AAA layer may be replicated to the AAA layer on the authenticator. On the authenticator, the AAA layer may provide the replicated keying material to the lower layer over which the EAP authentication conversation took place. This enables "mode independence" to be maintained."
> >>
> >>To
> >>
> >>"On the EAP server, keying material requested by and passed down to the AAA layer may be replicated to the AAA layer on the authenticator. On the authenticator, the AAA layer may provide the replicated keying material to the lower layer over which the EAP authentication conversation took place. This enables "mode independence" to be maintained. However, the EMSK MUST NOT be transported by the AAA layer."
> >>
> >>---------------------------------------------------------------------
> >>Issue 320: Use of term lower layer
> >>Submitter name: Joe Salowey
> >>Submitter email address: jsalowey [at] cisco.com
> >>Date Submitted: December 1, 2005
> >>Reference:
> >>Document: Keying-08
> >>Comment type: E
> >>Priority: 1
> >>Section: 2
> >>Rationale/Explanation of issue:
> >>The term lower layer is used inconsistently in the document.
> >>
> >>Lower layer should refer to the protocol between the EAP Peer and the EAP Authenticator. It is between these entities that the security association protocol is typically run. The MSK is transported to the lower layer.
> >>
> >>AAA is not an EAP lower layer except in the special case where the AAA client and server are acting as the EAP Peer and EAP Authenticator for some reason (an example of this was in EUSM). Entities other than the lower layer may obtain keys derived from the EMSK.
> >>
> >>Requested change:
> >>
> >>Section 2.1
> >>-----------
> >>change
> >>
> >>"Of these phases, Phase 0, 1b and Phase 2 are handled by a lower layer."
> >>
> >>To
> >>
> >>"Of these phases, Phase 0, 1b and Phase 2 are handled external to EAP. Phases 0 and 2 are handled by the lower layer protocol and phase 1b is typically handled by a AAA protocol."
> >>
> >>Section 2.2
> >>------------
> >>(remove references to IV)
> >>---
> >>Change
> >>
> >>"The EMSK MUST NOT be provided to the lower layer, nor is it permitted to pass any quantity to the lower layer from which the EMSK could be computed without breaking some cryptographic assumption, such as inverting a one-way function."
> >>
> >>To
> >>
> >>"The EMSK MUST NOT be provided to an entity outside the EAP server or peer, nor is it permitted to pass any quantity to an entity outside the EAP server or peer from which the EMSK could be computed without breaking some cryptographic assumption, such as inverting a one-way function."
> >>---
> >>Change
> >>
> >>"In order to preserve the security of keys derived within EAP methods, lower layers other than AAA MUST NOT export keys passed down by EAP methods."
> >>
> >>To
> >>
> >>"In order to preserve the security of keys derived within EAP methods, lower layers MUST NOT export keys passed down by EAP methods."
> >>---
> >>Change
> >>
> >>"EAP keying material and parameters provided to a lower layer other than AAA MUST NOT be transported to another entity."
> >>
> >>To
> >>
> >>"EAP keying material and parameters provided to a lower layer MUST NOT be transported to another entity."
> >>---
> >>Change
> >>
> >>"The exception to the "no sharing" rule is the AAA layer. On EAP server, keying material requested by and passed down to the AAA layer may be replicated to the AAA layer on the authenticator. On the authenticator, the AAA layer may provide the replicated keying material to the lower layer over which the EAP authentication conversation took place. This enables "mode independence" to be maintained."
> >>
> >>To
> >>
> >>"The AAA layer may transport keys that are exported from the EAP server. On the EAP server, keying material requested by and passed down to the AAA layer may be replicated to the AAA layer on the authenticator. On the authenticator, the AAA layer may provide the replicated keying material to the lower layer over which the EAP authentication conversation took place. This enables "mode independence" to be maintained."
> >>
> >>-----------
> >>Section 2.3
> >>-----------
> >>
> >>Change
> >>"The caching behavior of existing EAP lower layers is as follows:"
> >>
> >>To
> >>
> >>"The caching behavior of existing EAP lower layers and AAA layers is as follows:"
> >>
> >>_________________________________________________________________
> >>To unsubscribe or modify your subscription options, please visit:
> >>http://lists.frascone.com/mailman/listinfo/eap
> >>
> >>Archives: http://lists.frascone.com/pipermail/eap
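The thread settles three rules for where EAP keying material may travel: the MSK and parameters may go down to the AAA layer and be replicated to the authenticator, the lower layer must not re-export what it was given, and the EMSK must never leave the EAP server or peer except as a key derived through a one-way function. The following is an added model of those rules, written for this page; it is not code from the Keying-08 draft or the EAP working group. Assumptions: 64-octet MSK/EMSK sample values (constructed), HMAC-SHA256 standing in for whatever one-way derivation function a deployment actually uses, and the bundle field names.

```python
"""Model of the EAP keying-export rules proposed for Keying-08.

Constructed example, not code from the draft or the EAP WG.  Assumed:
HMAC-SHA256 as the one-way derivation function, 64-octet sample keys
(the minimum the EAP base spec requires), and the bundle field names.
"""
import hashlib
import hmac
from dataclasses import dataclass


class PolicyViolation(Exception):
    """Raised when a layer would do something the proposed text forbids."""


@dataclass(frozen=True)
class MethodExport:
    """What an EAP method exports on completion; the IV is deprecated, so absent."""
    msk: bytes
    emsk: bytes
    peer_id: str
    server_id: str
    session_id: bytes
    key_lifetime: int  # seconds


class EapServer:
    """Holds the method export.  The EMSK never leaves this object: the AAA layer
    gets the MSK plus parameters, other entities get EMSK-derived keys only."""

    def __init__(self, export: MethodExport) -> None:
        self._export = export

    def export_to_aaa(self) -> dict:
        bundle = {
            "msk": self._export.msk,
            "peer_id": self._export.peer_id,
            "server_id": self._export.server_id,
            "session_id": self._export.session_id,
            "key_lifetime": self._export.key_lifetime,
        }
        self.check_aaa_bundle(bundle)
        return bundle

    def derive_from_emsk(self, label: bytes, length: int = 32) -> bytes:
        """A key an outside entity may receive: HMAC-SHA256(EMSK, label) (assumed
        one-way function), so the EMSK cannot be recovered from it."""
        return hmac.new(self._export.emsk, label, hashlib.sha256).digest()[:length]

    def check_aaa_bundle(self, bundle: dict) -> None:
        """Reject any bundle that carries the EMSK under whatever field name."""
        for name, value in bundle.items():
            if isinstance(value, bytes) and hmac.compare_digest(value, self._export.emsk):
                raise PolicyViolation(f"{name!r} carries the EMSK; the AAA layer MUST NOT transport it")


class AaaLayer:
    """Replicates the server's bundle to the authenticator unchanged: no caching,
    no modification."""

    def replicate(self, bundle: dict) -> dict:
        return dict(bundle)


class LowerLayer:
    """Protocol between EAP peer and authenticator: derives transient session
    keys from the MSK but never hands the MSK on to anyone."""

    def __init__(self) -> None:
        self._msk = b""

    def install(self, bundle: dict) -> None:
        self._msk = bundle["msk"]

    def transient_session_key(self, nonce_peer: bytes, nonce_auth: bytes) -> bytes:
        return hmac.new(self._msk, b"TSK" + nonce_peer + nonce_auth, hashlib.sha256).digest()

    def export(self) -> bytes:
        raise PolicyViolation("lower layers MUST NOT export keys passed down by EAP methods")


def violates_policy(action) -> bool:
    """True if calling action() raises PolicyViolation."""
    try:
        action()
    except PolicyViolation:
        return True
    return False


def constructed_export() -> MethodExport:
    """Constructed sample values, not real keys."""
    return MethodExport(
        msk=hashlib.sha512(b"constructed msk").digest(),    # 64 octets
        emsk=hashlib.sha512(b"constructed emsk").digest(),  # 64 octets
        peer_id="peer@example.net",
        server_id="server.example.net",
        session_id=b"\x01constructed-session",
        key_lifetime=3600,
    )


def run_flow() -> dict:
    """Server -> AAA layer -> authenticator's lower layer; returns what each saw."""
    server = EapServer(constructed_export())
    bundle = AaaLayer().replicate(server.export_to_aaa())
    lower = LowerLayer()
    lower.install(bundle)
    return {
        "aaa_fields": sorted(bundle),
        "tsk": lower.transient_session_key(b"peer-nonce", b"auth-nonce"),
        "derived": server.derive_from_emsk(b"constructed usage label"),
    }
```

Running `run_flow()` shows the AAA bundle carrying exactly the MSK, Peer-ID, Server-ID, Session-ID and Key-Lifetime, while `check_aaa_bundle` refuses the EMSK regardless of the field name it hides under, and `LowerLayer.export` has no permitted path at all. The derived key is what an entity other than the lower layer may obtain from the EMSK, matching the issue's remark that such entities receive keys derived from the EMSK rather than the EMSK itself.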
Thread:
- Proposed Resolution of Issue 320: Use of term Lower Layer, Bernard Aboba, January 22 2006
- RE: Proposed Resolution of Issue 320: Use of term Lower Layer, Bernard Aboba, January 23 2006
- RE: Proposed Resolution of Issue 320: Use of term Lower Layer, Salowey, Joe, January 24 2006
- RE: Proposed Resolution of Issue 320: Use of term Lower Layer, Bernard Aboba, January 23 2006