Proposed Resolution to Issue 356: Ciphersuite Independence

From: Bernard Aboba (bernard_aboba
Date: Sun, 4 Jun 2006 17:27:24 -0700 (PDT)

The text of Issue 356 is enclosed below. The proposed resolution is to
replace the first paragraph of Section 3.7 with the following:
3.7. Key Strength
As noted in Section 2.1, EAP lower layers determine TSKs in different ways. Where EAP keying material is utilized in the derivation, encryption or authentication of TSKs, it is possible for EAP key generation to represent the weakest link.
In order to ensure that EAP methods produce keying material of an appropriate symmetric key strength, it is RECOMMENDED that EAP methods utilizing public key cryptography choose a public key that has a cryptographic strength providing the required level of attack resistance. This is typically provided by configuring EAP methods, since there is no coordination between the lower layer and EAP method with respect to minimum required symmetric key strength.
------------------------------------------------------------------------------------------
Issue 356: Ciphersuite Independence
Submitter name: Joe Salowey
Submitter email address: jsalowey [at] cisco.com
Date Submitted: April 30, 2006
Reference: http://lists.frascone.com/pipermail/eap/msg04223.html
Document: KEYING-12
Comment type: 'E'ditorial
Priority: '2' May fix
Section: 1.6.4
Rationale/Explanation of issue:
Section 3.7 implies that there is a system level coordination between the strength of the keys exported by the EAP method and the strength of keys required by the lower layer.
This section should reference this and indicate that the coordination is done outside of EAP.