Thread: Issue 371: Session-Id calculation

Issue 371: Session-Id calculation
2006-06-25 05:28:05

Here is the revised text of Section 1.2, 1.4 and Appendix A:

New Section 1.2 definition:

"Session-Id

The EAP Session-Id uniquely identifies an EAP session between an EAP peer (as identified by the Peer-Id) and server (as identified by the Server-Id). For more information, see Section 1.4."

Section 1.4:

"Session-Id

The Session-Id uniquely identifies an EAP session between an EAP peer (as identified by the Peer-Id) and server (as identified by the Server-Id). Where the EAP Type Code is less than 255, the EAP Session-Id consists of the concatenation of the EAP Type Code and a temporally unique identifier obtained from the method. Where expanded EAP Type Codes are used, the EAP Session-Id consists of the Expanded Type Code (including the Type, Vendor-Id and Vendor-Type fields defined in [RFC3748] Section 5.7) concatenated with a temporally unique identifier obtained from the method. This unique identifier is typically constructed from nonces or counters used within the EAP method exchange. The inclusion of the Type Code in the EAP Session-Id ensures that each EAP method has a distinct Session-Id space. Since an EAP session is not bound to a particular authenticator or specific ports on the peer and authenticator, the authenticator port or identity are not included in the Session-Id."

Appendix A text for EAP-TLS, AKA, and SIM:

"EAP-TLS

EAP-TLS is defined in [RFC2716]. The EAP-TLS Session-Id is the concatenation of the EAP Type Code (0x0D) with the peer and server nonces. The Peer-Id and Server-Id are the contents of the altSubjectName in the peer and server certificates.

EAP-AKA

EAP-AKA is defined in [RFC4187]. The EAP-AKA Session-Id is the concatenation of the EAP Type Code (0x17) with the contents of the RAND field from the AT_RAND attribute, followed by the contents of the AUTN field in the AT_AUTN attribute.

The Peer-Id is the contents of the Identity field from the AT_IDENTITY attribute, using only the Actual Identity Length octets from the beginning, however. Note that the contents are used as they are transmitted, regardless of whether the transmitted identity was a permanent, pseudonym, or fast re-authentication identity. The Server-Id is an empty string.

EAP-SIM

EAP-SIM is defined in [RFC4186]. The EAP-SIM Session-Id is the concatenation of the EAP Type Code (0x12) with the contents of the RAND field from the AT_RAND attribute, followed by the contents of the NONCE_MT field in the AT_NONCE_MT attribute.

The Peer-Id is the contents of the Identity field from the AT_IDENTITY attribute, using only the Actual Identity Length octets from the beginning, however. Note that the contents are used as they are transmitted, regardless of whether the transmitted identity was a permanent, pseudonym, or fast re-authentication identity. The Server-Id is an empty string."

>From: "M. Vanderveen" <mvandervn yahoo.com>
>To: Bernard Aboba <bernard_aboba hotmail.com>
>Subject: Re: [eap] Issue 371: Session-Id calculation
>Date: Sat, 24 Jun 2006 20:44:52 -0700 (PDT)
>
>That sounds fine.
> Michaela
>
>Bernard Aboba <bernard_aboba hotmail.com> wrote:
> Issue 371: Session-Id Calculation
>Submitter name: Bernard Aboba
>Submitter email address: aboba internaut.com
>Date Submitted: June 24, 2006
>Reference:
>Document: KEYING-13
>Comment type: 'T'echnical
>Priority: S
>Section: Appendix A
>Rationale/Explanation of issue:
>
>For methods allocated with the standard EAP space (TLS, AKA, SIM) Appendix A states that the Session-Id is constructed as follows:
>
>"Session-Id is the concatenation of the Expanded EAP Type Code (including the Type, Vendor-Id and Vendor-Type fields defined in [RFC3748] Section 5.7) with the..."
>
>Since these methods have no Vendor-Id or Vendor-Type fields, are these fields included or not?
>
>My recommendation is to replace the text as follows:
>
>"Session-Id is the concatenation of the EAP Type Code (here>) with the..."
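
The Session-Id construction in the revised Section 1.4 and Appendix A text above, as an added example that is not part of the original thread or of the draft. The function names are hypothetical, the nonce, RAND and Vendor-Id values are constructed, and the peer nonce is placed before the server nonce to follow the order in which the text lists them.

```python
EXPANDED = 254  # RFC 3748 Section 5.7: Type value that marks an expanded type

def type_prefix(type_code, vendor_id=None, vendor_type=None):
    """Octets that lead the Session-Id and give each method its own space."""
    if type_code == EXPANDED:
        if vendor_id is None or vendor_type is None:
            raise ValueError("expanded type needs Vendor-Id and Vendor-Type")
        # Type (1 octet) | Vendor-Id (3 octets) | Vendor-Type (4 octets)
        return (bytes([EXPANDED]) + vendor_id.to_bytes(3, "big")
                + vendor_type.to_bytes(4, "big"))
    if vendor_id is not None or vendor_type is not None:
        raise ValueError("standard-space methods carry no Vendor-Id or Vendor-Type")
    if not 0 < type_code < 255:
        raise ValueError("EAP Type Code out of range")
    return bytes([type_code])  # a single octet, no vendor fields

def session_id(type_code, unique_id, vendor_id=None, vendor_type=None):
    """Type Code octets followed by the method's temporally unique identifier."""
    if not unique_id:
        raise ValueError("method must supply a temporally unique identifier")
    return type_prefix(type_code, vendor_id, vendor_type) + bytes(unique_id)

def tls_session_id(peer_nonce, server_nonce):
    return session_id(0x0D, peer_nonce + server_nonce)

def aka_session_id(rand, autn):
    return session_id(0x17, rand + autn)

def sim_session_id(rand, nonce_mt):
    return session_id(0x12, rand + nonce_mt)

if __name__ == "__main__":
    # Constructed sample values, not captured from any real exchange.
    rand, second = bytes(range(16)), bytes(range(16, 32))
    print(tls_session_id(b"\x01" * 32, b"\x02" * 32).hex())
    print(aka_session_id(rand, second).hex())
    print(sim_session_id(rand, second).hex())
    # Hypothetical vendor method: Vendor-Id 0x00ABCD, Vendor-Type 1.
    print(session_id(EXPANDED, rand, vendor_id=0x00ABCD, vendor_type=1).hex())
```

With identical method octets, the AKA and SIM results differ only in the leading Type Code octet, which is the "distinct Session-Id space" property the Section 1.4 text describes.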

Issue 371: Session-Id calculation
2006-06-25 14:58:06

OK.
--Jari