Re: Issue 343: Section 1,2 and 5 cleanup
From: Bernard Aboba (bernard_abobahotmail.com)
Date: Tue, 28 Mar 2006 15:46:17 -0800 (PST)
Possession of transported keying material enables
the backend authentication server to masquerade as the authenticator, and
in some cases to obtain the TSKs (PPP, 802.11i, 802.16e)"

Actually, I don't believe this is true in IKEv2 since the authenticator needs to prove possession of *both* the IKEv2 secret (e.g. DH key) as well as the EAP MSK. So gaining possession of the MSK would not allow a backend authentication server to masquerade as the authenticator. Suggest this be rewritten as follows:


"Where demonstration of authorization depends entirely on possession of transported EAP keying material (such as in PPP, 802.11i and 802.16e), this enables the backend server to masquerade as the authenticator, and possibly to obtain the TSKs"



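The IKEv2 point made in the message above, as an added example that is not part of the original message or of the draft under discussion: a party holding only the MSK cannot produce the responder's final AUTH value, because that value also depends on SK_pr, which is derived from the Diffie-Hellman secret. The formulas follow RFC 4306 sections 2.14 to 2.16; the PRF, the key lengths and all input values are assumptions constructed for illustration.

```python
import hashlib
import hmac

def prf(key, data):
    # Assumed negotiated PRF: HMAC-SHA-256.
    return hmac.new(key, data, hashlib.sha256).digest()

def prf_plus(key, seed, length):
    # prf+: T1 = prf(K, S | 0x01), Tn = prf(K, Tn-1 | S | n)
    out, t, n = b"", b"", 1
    while len(out) < length:
        t = prf(key, t + seed + bytes([n]))
        out, n = out + t, n + 1
    return out[:length]

def derive_sk_pr(g_ir, ni, nr, spi_i, spi_r):
    # SKEYSEED = prf(Ni | Nr, g^ir); keys are cut from prf+ in the order
    # SK_d, SK_ai, SK_ar, SK_ei, SK_er, SK_pi, SK_pr (lengths assumed).
    skeyseed = prf(ni + nr, g_ir)
    lengths = [32, 32, 32, 16, 16, 32, 32]
    keymat = prf_plus(skeyseed, ni + nr + spi_i + spi_r, sum(lengths))
    return keymat[-32:]

def responder_auth(msk, g_ir, msg2, ni, nr, spi_i, spi_r, id_r):
    # AUTH = prf(prf(MSK, "Key Pad for IKEv2"), msg2 | Ni | prf(SK_pr, IDr'))
    sk_pr = derive_sk_pr(g_ir, ni, nr, spi_i, spi_r)
    signed_octets = msg2 + ni + prf(sk_pr, id_r)
    return prf(prf(msk, b"Key Pad for IKEv2"), signed_octets)

def demo():
    # All values below are constructed sample inputs, not real traffic.
    ni, nr = b"\x11" * 32, b"\x22" * 32
    spi_i, spi_r = b"\x33" * 8, b"\x44" * 8
    msg2 = b"constructed IKE_SA_INIT response octets"
    id_r = b"constructed IDr payload body"
    msk = b"\x55" * 64          # known to peer, authenticator and backend server
    g_ir = b"\x66" * 256        # known to peer and authenticator only
    public = (msg2, ni, nr, spi_i, spi_r, id_r)

    expected = responder_auth(msk, g_ir, *public)       # computed by the peer
    authenticator = responder_auth(msk, g_ir, *public)  # holds MSK and g^ir
    # The backend server holds the MSK but must guess the DH secret.
    backend = responder_auth(msk, b"\x00" * 256, *public)
    return (hmac.compare_digest(authenticator, expected),
            hmac.compare_digest(backend, expected))

if __name__ == "__main__":
    print(demo())
```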