Re: hopefully final changes for draft-ietf-eap-keying
From: Dan Simon (dansimon
Date: Fri, 16 Nov 2007 09:10:42 -0800 (PST)
Having looked over the proposed changes, I share the concern about the modified language relating to key-sharing. The new language is disturbingly vague—would any key-sharing among authenticators or EAP servers be acceptable, as long as the shared keys have passed through a key derivation step? Since virtually all the keys in the hierarchy were derived at some point, the restriction on key-sharing would effectively disappear completely under the new language.
I would propose more restrictive changes to the language, but after looking at the documents of the HOKEY group (whence, as I understand it, the initiative to loosen the key-sharing language emerged), I can’t for the life of me see any incompatibilities between their work and the current language. Perhaps someone could articulate a clear, plausible example of a case where adherence to the current language significantly impedes HOKEY progress—or for that matter, progress on the design of any other useful protocol standard?
So my vote would be to leave the key-sharing portion of the text from -18 intact.
Dan Simon