Issue 373: Organization of Section 4
Submitter name: Bernard Aboba
Submitter email address: aboba internaut.com
Date Submitted: July 31, 2006
Reference:
Document: KEYING-14
Comment type: 'T'echnical
Priority: S
Section: 4
Rationale/Explanation of issue:
Section 4 states the following:
" With EAP, several mechanisms are available to reduce the latency in handoff between authenticators:

[a] EAP pre-authentication. This utilizes EAP to pre-establish EAP keying material on an authenticator prior to arrival of the peer. Use of pre-authentication within IEEE 802.11 is described in [8021XHandoff] and [IEEE-802.11i].

[b] Key caching. This mechanism enables an EAP peer to re-attach to an authenticator without requiring EAP re-authentication.

[c] Context transfer, such as is defined in [IEEE-802.11F] (now deprecated) and [RFC4067]. Use of context transfer for handoff latency improvement is described in [IEEE-02-758].

[d] Proactive key distribution, such as is described in [IEEE-02-758][IEEE-03-084] and [I-D.irtf-aaaarch-handoff].

The sections that follow discuss the security vulnerabilities introduced by the above mechanisms."

However, while Section 4.1 does talk about Pre-authentication, it is not made explicit how Sections 4.2 and 4.3 relate to the security of Key Caching, Context Transfer or Proactive Key distribution.

For example, issues of authorization and correctness do not apply to mechanisms which utilize AAA to distribute authorizations. Therefore Sections 4.2 and 4.3 do not seem to relate to the Pre-authentication or Proactive Key Distribution mechanisms, only to Key Caching and Context Transfer.