Re: hopefully final changes for draft-ietf-eap-keying
From: Bernard_Aboba (Bernard_Aboba [at] hotmail.com)
Date: Fri, 16 Nov 2007 16:48:30 -0800 (PST)
Forwarding for Dan.  
 

From: Dan Simon
Sent: Friday, November 16, 2007 9:10 AM
To: eap [at] frascone.com
Cc: jari.arkko [at] piuha.net; iesg [at] ietf.org
Subject: Re: [eap] hopefully final changes for draft-ietf-eap-keying

Having looked over the proposed changes, I share the concern about the modified language relating to key-sharing.  The new language is disturbingly vague: would any key-sharing among authenticators or EAP servers be acceptable, as long as the shared keys have passed through a key derivation step?  Since virtually all the keys in the hierarchy were derived at some point, the restriction on key-sharing would effectively disappear completely under the new language.
 
I would propose more restrictive changes to the language, but after looking at the documents of the HOKEY group (whence, as I understand it, the initiative to loosen the key-sharing language emerged), I can't for the life of me see any incompatibilities between their work and the current language.  Perhaps someone could articulate a clear, plausible example of a case where adherence to the current language significantly impedes HOKEY progress, or for that matter, progress on the design of any other useful protocol standard?
 
So my vote would be to leave the key-sharing portion of the text from -18 intact.
 
                                Dan Simon
 
