| Re: Proposed Resolution to Issue 356: Ciphersuite Independence | <– Date –> <– Thread –> |
From: Joseph Salowey (jsalowey) (jsalowey cisco.com)
|
|
| Date: Wed, 7 Jun 2006 10:41:40 -0700 (PDT) | |
The text looks OK to me. > -----Original Message----- > From: Bernard Aboba [mailto:bernard_aboba [at] hotmail.com] > Sent: Sunday, June 04, 2006 5:27 PM > To: eap [at] frascone.com > Subject: [eap] Proposed Resolution to Issue 356: Ciphersuite > Independence > > The text of Issue 356 is enclosed below. The proposed > resolution is to > replace the first paragraph of Section 3.7 with the following: > > 3.7. Key Strength > > As noted in Section 2.1, EAP lower layers determine TSKs in > different ways. Where EAP keying material is utilized in > the derivation, encryption or authentication of TSKs, it > is possible for EAP key generation to represent the weakest > link. > > In order to ensure that EAP methods produce keying > material of an appropriate symmetric key strength, > it is RECOMMENDED that EAP methods utilizing public > key cryptography choose a public key that has a > cryptographic strength providing the required level > of attack resistance. This is typically provided by > configuring EAP methods, since there is > no coordination between the lower layer and EAP method > with respect to minimum required symmetric key strength." > > -------------------------------------------------------------- > ---------------------------- > Issue 356: Ciphersuite Independence > Submitter name: Joe Salowey > Submitter email address: jsalowey [at] cisco.com > Date Submitted: April 30, 2006 > Reference: http://lists.frascone.com/pipermail/eap/msg04223.html > Document: KEYING-12 > Comment type: 'E'ditorial > Priority: '2' May fix > Section: 1.6.4 > Rationale/Explanation of issue: > > Section 3.7 implies that there is a system level coordination between > the strength of the keys exported by the EAP method and the > strength of > keys required by the lower layer. > > This section should reference this and indicate that the > coordination is > done outside of EAP. > > > _________________________________________________________________ > To unsubscribe or modify your subscription options, please visit: > http://lists.frascone.com/mailman/listinfo/eap > > Arhives: http://lists.frascone.com/pipermail/eap >
-
Proposed Resolution to Issue 356: Ciphersuite Independence Bernard Aboba, June 4 2006
- Re: Proposed Resolution to Issue 356: Ciphersuite Independence Joseph Salowey (jsalowey), June 7 2006
Results generated by Tiger Technologies using MHonArc.