Re: Issue 371: Session-Id calculation

From: Jari Arkko (jari.arkko
Date: Sun, 25 Jun 2006 07:58:30 -0700 (PDT)

OK.

--Jari

Bernard Aboba wrote:

>Here is the revised text of Section 1.2, 1.4 and Appendix A:
>
>New Section 1.2 definition:
>
>"Session-Id
>   The EAP Session-Id uniquely identifies an EAP session between an
>   EAP peer (as identified by the Peer-Id) and server (as identified
>   by the Server-Id).  For more information, see Section 1.4."
>
>Section 1.4:
>
>"  Session-Id
>
>   The Session-Id uniquely identifies an EAP session between an EAP
>   peer (as identified by the Peer-Id) and server (as identified by
>   the Server-Id).  Where the EAP Type Code is less than 255, the EAP
>   Session-Id consists of the concatenation of the EAP Type Code and
>   a temporally unique identifier obtained from the method.  Where
>   expanded EAP Type Codes are used, the EAP Session-Id consists of
>   the Expanded Type Code (including the Type, Vendor-Id and Vendor-
>   Type fields defined in [RFC3748] Section 5.7) concatenated with a
>   temporally unique identifier obtained from the method.  This
>   unique identifier is typically constructed from nonces or
>   counters used within the EAP method exchange.  The inclusion of
>   the Type Code in the EAP Session-Id ensures that each EAP method
>   has a distinct Session-Id space.  Since an EAP session is not
>   bound to a particular authenticator or specific ports on the peer
>   and authenticator, the authenticator port or identity are not
>   included in the Session-Id."
>
>Appendix A text for EAP-TLS, AKA, and SIM:
>
>"  EAP-TLS
>
>   EAP-TLS is defined in [RFC2716].  The EAP-TLS Session-Id is the
>   concatenation of the EAP Type Code (0x0D) with the peer and server
>   nonces.  The Peer-Id and Server-Id are the contents of the
>   altSubjectName in the peer and server certificates.
>
>   EAP-AKA
>
>   EAP-AKA is defined in [RFC4187].  The EAP-AKA Session-Id is the
>   concatenation of the EAP Type Code (0x17) with the contents of the
>   RAND field from the AT_RAND attribute, followed by the contents of
>   the AUTN field in the AT_AUTN attribute.
>
>   The Peer-Id is the contents of the Identity field from the
>   AT_IDENTITY attribute, using only the Actual Identity Length
>   octets from the beginning, however.  Note that the contents are
>   used as they are transmitted, regardless of whether the
>   transmitted identity was a permanent, pseudonym, or fast re-
>   authentication identity.  The Server-Id is an empty string.
>
>   EAP-SIM
>
>   EAP-SIM is defined in [RFC4186].  The EAP-SIM Session-Id is the
>   concatenation of the EAP Type Code (0x12) with the contents of the
>   RAND field from the AT_RAND attribute, followed by the contents of
>   the NONCE_MT field in the AT_NONCE_MT attribute.
>
>   The Peer-Id is the contents of the Identity field from the
>   AT_IDENTITY attribute, using only the Actual Identity Length
>   octets from the beginning, however.  Note that the contents are
>   used as they are transmitted, regardless of whether the
>   transmitted identity was a permanent, pseudonym, or fast re-
>   authentication identity.  The Server-Id is an empty string."
>
>>From: "M. Vanderveen" <mvandervn [at] yahoo.com>
>>To: Bernard Aboba <bernard_aboba [at] hotmail.com>
>>Subject: Re: [eap] Issue 371: Session-Id calculation
>>Date: Sat, 24 Jun 2006 20:44:52 -0700 (PDT)
>>
>>That sounds fine.
>>  Michaela
>>
>>Bernard Aboba <bernard_aboba [at] hotmail.com> wrote:
>>  Issue 371: Session-Id Calculation
>>Submitter name: Bernard Aboba
>>Submitter email address: aboba [at] internaut.com
>>Date Submitted: June 24, 2006
>>Reference:
>>Document: KEYING-13
>>Comment type: 'T'echnical
>>Priority: S
>>Section: Appendix A
>>Rationale/Explanation of issue:
>>
>>For methods allocated with the standard EAP space (TLS, AKA, SIM)
>>Appendix A states that the Session-Id is constructed as follows:
>>
>>"Session-Id is the concatenation of the Expanded EAP Type Code
>>(including the Type, Vendor-Id and Vendor-Type fields defined in
>>[RFC3748] Section 5.7) with the..."
>>
>>Since these methods have no Vendor-Id or Vendor-Type fields, are these
>>fields included or not?
>>
>>My recommendation is to replace the text as follows:
>>
>>"Session-Id is the concatenation of the EAP Type Code (here>) with the..."
>>
>>_________________________________________________________________
>>To unsubscribe or modify your subscription options, please visit:
>>http://lists.frascone.com/mailman/listinfo/eap
>>
>>Archives: http://lists.frascone.com/pipermail/eap