RE: Issue: section 2.1 AAA key caching

From: Salowey, Joe (jsalowey
Date: Tue, 2 May 2006 16:38:53 -0700 (PDT)

The intent is to make sure that if you are going to re-use the MSK that you should have some making sure that the keys you derive from it will not be re-used if you re-use the MSK, for example incorporating the peer and authenticator nonces in the TSK derivation in the SAP. Perhaps the following would be better:

"If the AAA layer does cache an MSK then the derivation of TSKs derived from the MSK MUST prevent key reuse."

> -----Original Message-----
> From: Lakshminath Dondeti [mailto:ldondeti [at] qualcomm.com]
> Sent: Tuesday, May 02, 2006 2:50 PM
> To: Salowey, Joe; eap [at] frascone.com
> Subject: Re: [eap] Issue: section 2.1 AAA key caching
>
> Hi Joe,
>
> I don't understand the last sentence: "If the AAA layer does cache an
> MSK then the use of TSKs derived from the MSK MUST prevent key reuse."
>
> The rest of the text looks good and covers the robustness
> considerations you bring up.
>
> regards,
> Lakshminath
>
> At 02:25 PM 5/2/2006, Salowey, Joe wrote:
> >Submitter name: Joe Salowey
> >Submitter email address: jsalowey [at] cisco.com
> >Date first submitted: 05/02/06
> >Reference:
> >Document: Keying Framework
> >Comment type: T
> >Priority: 2
> >Section: 2.1
> >Rationale/Explanation of issue:
> >
> >The current draft states that keys may not be cached once transported. I
> >am wondering if this is too restrictive. Perhaps keys will be cached
> >for session recovery and availability purposes.
> >
> >Suggested Text:
> >
> > "In order to avoid key reuse, the AAA layer SHOULD delete transported
> > keys once they are sent. The AAA layer SHOULD NOT retain keys that
> > it has previously sent. For example, a AAA layer that has
> > transported the MSK SHOULD delete it. If the AAA layer does cache an
> > MSK then the use of TSKs derived from the MSK MUST prevent key reuse."
> >
> >_________________________________________________________________
> >To unsubscribe or modify your subscription options, please visit:
> >http://lists.frascone.com/mailman/listinfo/eap
> >
> >Archives: http://lists.frascone.com/pipermail/eap
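
The nonce-based approach mentioned in this message, sketched as an added example that is not part of the original thread or of any draft text: it derives TSKs from one cached MSK with and without peer and authenticator nonces. The HMAC-SHA256 counter-mode KDF, the `TSK` label, the nonce sizes and all function names are assumptions for illustration, not the SAP of any particular lower layer.

```python
import hashlib
import hmac
import os

def kdf(key: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """Counter-mode HMAC-SHA256 expansion (assumed stand-in, not a SAP's KDF)."""
    out, counter = b"", 1
    while len(out) < length:
        data = bytes([counter]) + label + b"\x00" + context
        out += hmac.new(key, data, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def tsk_without_nonces(msk: bytes) -> bytes:
    """Weak form: the TSK depends only on the MSK, so a cached MSK repeats it."""
    return kdf(msk, b"TSK", b"", 32)

def tsk_with_nonces(msk: bytes, peer_nonce: bytes, auth_nonce: bytes) -> bytes:
    """Nonce-bound form: each SAP run contributes fresh input from both sides."""
    for nonce in (peer_nonce, auth_nonce):
        if not 16 <= len(nonce) <= 255:
            raise ValueError("nonce must be 16..255 bytes")
    # Length prefixes keep (peer, auth) pairs from colliding after concatenation.
    context = (bytes([len(peer_nonce)]) + peer_nonce
               + bytes([len(auth_nonce)]) + auth_nonce)
    return kdf(msk, b"TSK", context, 32)

def reuse_cached_msk(msk: bytes, runs: int):
    """Run the SAP `runs` times against one cached MSK; return both TSK lists."""
    weak, bound = [], []
    for _ in range(runs):
        peer_nonce, auth_nonce = os.urandom(32), os.urandom(32)
        weak.append(tsk_without_nonces(msk))
        bound.append(tsk_with_nonces(msk, peer_nonce, auth_nonce))
    return weak, bound

if __name__ == "__main__":
    cached_msk = bytes(range(64))  # constructed 64-byte sample MSK
    weak, bound = reuse_cached_msk(cached_msk, 3)
    print("distinct TSKs without nonces:", len(set(weak)))
    print("distinct TSKs with nonces:   ", len(set(bound)))
```
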