Re: Issue 371: Session-Id calculation
From: Bernard Aboba (bernard_aboba [at] hotmail.com)
Date: Sat, 24 Jun 2006 22:28:11 -0700 (PDT)
Here is the revised text of Section 1.2, 1.4 and Appendix A:

New Section 1.2 definition:

"Session-Id
    The EAP Session-Id uniquely identifies an EAP session between an
    EAP peer (as identified by the Peer-Id) and server (as identified
    by the Server-Id).  For more information, see Section 1.4."

Section 1.4:

" Session-Id

     The Session-Id uniquely identifies an EAP session between an EAP
     peer (as identified by the Peer-Id) and server (as identified by
     the Server-Id).  Where the EAP Type Code is less than 255, the EAP
     Session-Id consists of the concatenation of the EAP Type Code and
     a temporally unique identifier obtained from the method.  Where
     expanded EAP Type Codes are used, the EAP Session-Id consists of
     the Expanded Type Code (including the Type, Vendor-Id and Vendor-
     Type fields defined in [RFC3748] Section 5.7) concatenated with a
     temporally unique identifier obtained from the method.  This
     unique identifier is typically constructed from nonces or
     counters used within the EAP method exchange.  The inclusion of
     the Type Code in the EAP Session-Id ensures that each EAP method
     has a distinct Session-Id space.  Since an EAP session is not
     bound to a particular authenticator or specific ports on the peer
     and authenticator, the authenticator port or identity are not
     included in the Session-Id."

Appendix A text for EAP-TLS, AKA, and SIM:

" EAP-TLS

     EAP-TLS is defined in [RFC2716].  The EAP-TLS Session-Id is the
     concatenation of the EAP Type Code (0x0D) with the peer and server
     nonces.  The Peer-Id and Server-Id are the contents of the
     altSubjectName in the peer and server certificates.

EAP-AKA

     EAP-AKA is defined in [RFC4187].  The EAP-AKA Session-Id is the
     concatenation of the EAP Type Code (0x17) with the contents of the
     RAND field from the AT_RAND attribute, followed by the contents of
     the AUTN field in the AT_AUTN attribute.

     The Peer-Id is the contents of the Identity field from the
     AT_IDENTITY attribute, using only the Actual Identity Length
     octets from the beginning, however.  Note that the contents are
     used as they are transmitted, regardless of whether the
     transmitted identity was a permanent, pseudonym, or fast re-
     authentication identity.  The Server-Id is an empty string.

EAP-SIM

     EAP-SIM is defined in [RFC4186].  The EAP-SIM Session-Id is the
     concatenation of the EAP Type Code (0x12) with the contents of the
     RAND field from the AT_RAND attribute, followed by the contents of
     the NONCE_MT field in the AT_NONCE_MT attribute.

     The Peer-Id is the contents of the Identity field from the
     AT_IDENTITY attribute, using only the Actual Identity Length
     octets from the beginning, however.  Note that the contents are
     used as they are transmitted, regardless of whether the
     transmitted identity was a permanent, pseudonym, or fast re-
     authentication identity.  The Server-Id is an empty string."
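
The construction in Section 1.4 and Appendix A above, as an added Python example that is not part of the original message or the draft. Function names and sample values are constructed for illustration; the AT_IDENTITY layout (type 14, length in 4-octet words, 2-octet Actual Identity Length) is taken from RFC 4186/4187 rather than from this thread.

```python
import struct

EXPANDED_TYPE = 254                            # RFC 3748 Section 5.7
EAP_TLS, EAP_SIM, EAP_AKA = 0x0D, 0x12, 0x17   # Type Codes quoted in Appendix A
AT_IDENTITY = 14                               # attribute type, RFC 4186/4187


def session_id(type_code, unique_id):
    """Type Code below 255: one Type octet, no Vendor-Id or Vendor-Type."""
    if not 0 < type_code < 255:
        raise ValueError("not a one-octet EAP Type Code")
    return bytes([type_code]) + unique_id


def expanded_session_id(vendor_id, vendor_type, unique_id):
    """Expanded Type: Type (254), 3-octet Vendor-Id, 4-octet Vendor-Type."""
    if not (0 <= vendor_id < 1 << 24 and 0 <= vendor_type < 1 << 32):
        raise ValueError("Vendor-Id or Vendor-Type out of range")
    return (bytes([EXPANDED_TYPE]) + vendor_id.to_bytes(3, "big")
            + vendor_type.to_bytes(4, "big") + unique_id)


def tls_session_id(peer_nonce, server_nonce):
    return session_id(EAP_TLS, peer_nonce + server_nonce)


def aka_session_id(rand, autn):
    return session_id(EAP_AKA, rand + autn)


def sim_session_id(rand_field, nonce_mt):
    return session_id(EAP_SIM, rand_field + nonce_mt)


def peer_id_from_at_identity(attr):
    """Peer-Id: only the first Actual Identity Length octets, padding dropped."""
    if len(attr) < 4:
        raise ValueError("AT_IDENTITY shorter than its header")
    attr_type, words, actual_len = struct.unpack("!BBH", attr[:4])
    identity = attr[4:words * 4]
    if attr_type != AT_IDENTITY or words * 4 > len(attr) or actual_len > len(identity):
        raise ValueError("malformed AT_IDENTITY attribute")
    return identity[:actual_len]


if __name__ == "__main__":
    rand, autn = bytes(range(16)), bytes(range(16, 32))      # constructed values
    attr = bytes([AT_IDENTITY, 5, 0, 13]) + b"0user@example" + bytes(3)
    print(aka_session_id(rand, autn).hex())
    print(peer_id_from_at_identity(attr))
```

With the same constructed RAND, the EAP-AKA and EAP-SIM identifiers differ in their first octet, which is the distinct Session-Id space per method that the Section 1.4 text describes.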




From: "M. Vanderveen" <mvandervn [at] yahoo.com>
To: Bernard Aboba <bernard_aboba [at] hotmail.com>
Subject: Re: [eap] Issue 371: Session-Id calculation
Date: Sat, 24 Jun 2006 20:44:52 -0700 (PDT)

That sounds fine.
  Michaela

Bernard Aboba <bernard_aboba [at] hotmail.com> wrote:
  Issue 371: Session-Id Calculation
Submitter name: Bernard Aboba
Submitter email address: aboba [at] internaut.com
Date Submitted: June 24, 2006
Reference:
Document: KEYING-13
Comment type: 'T'echnical
Priority: S
Section: Appendix A
Rationale/Explanation of issue:

For methods allocated with the standard EAP space (TLS, AKA, SIM) Appendix A
states that the Session-Id is constructed as follows:


"Session-Id is the concatenation of the Expanded EAP Type Code (including
the Type, Vendor-Id and Vendor-Type fields defined in [RFC3748] Section 5.7)
with the..."

Since these methods have no Vendor-Id or Vendor-Type fields, are these
fields included or not?

My recommendation is to replace the text as follows:

"Session-Id is the concatenation of the EAP Type Code (here>) with the..."

