[prev in list] [next in list] [prev in thread] [next in thread]
List: ietf
Subject: RE: Problem with draft-sheffer-emu-eap-eke
From: "Glen Zorn" <gwz () net-zen ! net>
Date: 2010-11-17 12:01:25
Message-ID: 003801cb864f$2b19ca80$814d5f80$ () net
[Download RAW message or body]
Looks OK to me.
Hope this helps.
~gwz
> -----Original Message-----
> From: ietf-bounces@ietf.org [mailto:ietf-bounces@ietf.org] On Behalf Of
> Yaron Sheffer
> Sent: Wednesday, November 17, 2010 6:14 PM
> To: ietf@ietf.org
> Subject: Re: Problem with draft-sheffer-emu-eap-eke
>
> Expanding on my previous response, I suggest to resolve Bernard's
> concern by adding the following text:
>
> 5.6 EAP Key Generation
>
> EAP-EKE can be used for EAP key generation, as defined by [RFC 5247].
> When used in this manner, the values required to establish the key
> hierarchy are defined as follows:
>
> - Peer-Id is the EAP-EKE ID_P value.
> - Server-Id is the EAP-EKE ID_S value.
> - Session-Id is the concatenated Type | Nonce_P | Nonce_S, where Type is
> the method type defined for EAP-EKE in [Sec. 4.1], a single octet.
>
> Thanks,
> Yaron
>
> On 11/16/2010 05:49 PM, Yaron Sheffer wrote:
> > Hi Bernard,
> >
> > Thanks for reviewing our document.
> >
> > In fact both ID_S and ID_P are authenticated in EAP-EKE, not just
> > asserted, so they can be used as RFC 5247 identities. See for example
> > http://tools.ietf.org/html/draft-sheffer-emu-eap-eke-09#section-5.1.
> >
> > A more detailed response will follow once we've hashed out the details
> > of Session-ID.
> >
> > Thanks,
> > Yaron
> >
> >> Date: Mon, 15 Nov 2010 20:43:46 -0800
> >> From: Bernard Aboba<bernard_aboba@hotmail.com>
> >> Subject: Problem with draft-sheffer-emu-eap-eke
> >> To:<iesg@ietf.org>,<ietf@ietf.org>
> >> Message-ID:<BLU104-W201F08439317108F9749193370@phx.gbl>
> >> Content-Type: text/plain; charset="iso-8859-1"
> >>
> >>
> >> I just took a look at the EAP EKE document recently approved by the
> >> IESG for publication as an Informational RFC:
> >> http://tools.ietf.org/html/draft-sheffer-emu-eap-eke-09
> >>
> >> The document does not define the following parameters required by RFC
> >> 5247:
> >>
> >> 1. Peer-Id
> >> 2. Server-Id
> >> 3. Session-Id
> >>
> >> In particular, the omission of the Session-Id is a significant
> >> problem, since this is required for EAP methods
> >> to be usable within IEEE 802.1X-2010.
> >>
> >> My suggestion is that ID_P be designated as the Peer-Id. Since the
> >> Server identity is not authenticated (just asserted), it is not clear
> >> to me whether ID_S is suitable for use as the Server-Id.
> >>
> >> My suggestion is that the Session-Id be defined as follows:
> >> Session-Id = Type-Code || Nonce_P || Nonce_S
> >>
> >>
> _______________________________________________
> Ietf mailing list
> Ietf@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf
_______________________________________________
Ietf mailing list
Ietf@ietf.org
https://www.ietf.org/mailman/listinfo/ietf
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic