Subject: Re: Keying lifetimes (WG LC "Keying Fwk")
From: Bernard Aboba (bernard_aboba …)
Date: Fri, 21 Jul 2006 14:30:32 -0700 (PDT)
Alper: We shall not present this (a) as if it is a complete mechanism that can manage key lifetimes on all relevant parties (peer, authenticator, authentication server). This only provides the MSK lifetime to the authenticator. Only when coupled with how the peer learns the key lifetime for the MSK and EMSK would we have a complete solution.
Right.
Alper: I think what I'm suggesting is to enumerate these alternatives, such that (a) appears under "how authenticator dynamically learns the MSK lifetime."
This makes sense.
Alper: Secure Association Protocol is a "consumer" of MSK. For that, I don't expect it to set any attributes of the MSK it is "using." Doing otherwise is a hack, IMHO. I recommend we remove the current text from this option.
In practice the SAP handles this in a number of cases, including IKEv2, 802.16e, and 11r. So I don't think we can leave it out.
Alper: But, we shall retain the option. IMO, the technically correct way of doing this is not via the "secure association" protocol, but via the "eap transport". The lifetime learned from the authentication server via AAA protocols can be conveyed to the EAP peer via such protocols. If people agree, I can propose text.
We should probably describe this as another option.
[d] Method specific negotiation within EAP. While EAP itself does not support lifetime negotiation, it would be possible to specify methods that do. However, systems that rely on such negotiation for exported keys would only function with these methods. In the interest of method independence, key management of exported or derived keys SHOULD NOT be provided within EAP methods.
Alper: again, this is all about how the peer and authentication server agree on the MSK and EMSK lifetimes. It does not help the authenticator. We shall categorize this mechanism as such.
Yes. In fact, it might create problems if *both* the method and SAP/transport are trying to negotiate the lifetime. Do you have text to suggest?
Alper: Besides, what is the interaction between the lifetimes known and delivered by the EAP methods and the AAA protocols? My understanding is, EAP methods may export lifetimes, and the AAA protocol has the last say on whether the lifetime should be the same as reported by the EAP method, or something less. This is all about the "authorization" aspect.
Right. Another potential conflict.
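As an added illustration that is not part of this thread or of the keying framework draft, the following Python sketch models the lifetime rules the exchange above touches on: the AAA server may shorten but never lengthen what the EAP method exported (the "authorization" point), the authenticator under option (a) learns the lifetime only from AAA, and the peer may be handed a value by the method, the SAP and the EAP transport at once, which is the conflict Bernard flags. The party names, the `LifetimeSources` fields, the reference to RADIUS Session-Timeout as one AAA carrier, and the choice that a peer adopts the shortest value it was given are all assumptions of this example; the sample numbers are constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class LifetimeSources:
    """Lifetimes (seconds) one party may have learned; None means not learned."""
    method: Optional[int] = None     # exported by the EAP method (option [d])
    aaa: Optional[int] = None        # authorized by the AAA server, e.g. RADIUS Session-Timeout
    sap: Optional[int] = None        # conveyed by the Secure Association Protocol
    transport: Optional[int] = None  # conveyed by the EAP transport (lower layer)


def authorized_lifetime(method: Optional[int], aaa: Optional[int]) -> Optional[int]:
    """AAA has the last say: keep the method-exported value or shorten it, never lengthen it."""
    if aaa is None:
        return method
    if method is None:
        return aaa
    return min(method, aaa)


def resolve_party(party: str, src: LifetimeSources) -> Tuple[Optional[int], List[str]]:
    """Effective MSK lifetime at one party, plus findings worth flagging."""
    findings: List[str] = []
    if party == "server":
        return authorized_lifetime(src.method, src.aaa), findings
    if party == "authenticator":
        # Option (a): the authenticator learns the lifetime only via AAA.
        if src.aaa is None:
            findings.append("authenticator: no AAA lifetime delivered; local default applies")
        return src.aaa, findings
    if party == "peer":
        # Method, SAP and transport may each carry a value; differing values are the
        # double-negotiation conflict discussed in the thread.
        known: Dict[str, int] = {
            name: val
            for name, val in (("method", src.method), ("sap", src.sap), ("transport", src.transport))
            if val is not None
        }
        if len(set(known.values())) > 1:
            findings.append(f"peer: conflicting lifetimes {known}")
        # Assumption of this example: the peer adopts the shortest value it was given.
        return (min(known.values()) if known else None), findings
    raise ValueError(f"unknown party {party!r}")


def check_consistency(server: LifetimeSources, authenticator: LifetimeSources,
                      peer: LifetimeSources) -> List[str]:
    """Compare the three views; a mismatch means the MSK is discarded at different times."""
    views: Dict[str, Optional[int]] = {}
    findings: List[str] = []
    for name, src in (("server", server), ("authenticator", authenticator), ("peer", peer)):
        views[name], party_findings = resolve_party(name, src)
        findings.extend(party_findings)
    known = {n: v for n, v in views.items() if v is not None}
    if len(set(known.values())) > 1:
        findings.append(f"lifetime mismatch across parties: {known}")
    return findings


if __name__ == "__main__":
    # Constructed scenario: method exports 3600 s, AAA authorizes 1800 s, the peer hears
    # 1800 s from the transport but still holds the method's 3600 s.
    for finding in check_consistency(
        LifetimeSources(method=3600, aaa=1800),
        LifetimeSources(aaa=1800),
        LifetimeSources(method=3600, transport=1800),
    ):
        print(finding)
```

Running the scenario at the bottom reports the peer-side conflict while the cross-party check passes, because the peer's shortest-value rule happens to land on the AAA-authorized 1800 s; drop the transport value and the peer keeps 3600 s, and the cross-party mismatch appears instead.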