Issue 411: Relationship to RFC 4962
Submitter name: Charlie Kaufman
Submitter email address: charliek microsoft.com
Date first submitted: October 18, 2007
Reference:
Document: draft-ietf-eap-keying-18.txt
Comment type: Editorial
Priority: S
Section: Abstract, Section 1
Rationale/Explanation of Issue:
The document does not state what the relationship is between it and RFC 4962. Specifically, does it:
1. Demonstrate how EAP, AAA and SAP protocols comply with the guidelines in RFC 4962?
2. Provide detailed security requirements for EAP, AAA and SAP?
3. Over-ride RFC 4962 where the two documents disagree?
[BA] My understanding is that the relationship is most accurately described by #1 & #2. That is, Section 5 in particular analyzes compliance to RFC 4962 and much of the document includes more detail on the security issues raised in RFC 4962. I am not sure about #3.
The proposed resolution is to change the Abstract to the following:
"Abstract
The Extensible Authentication Protocol (EAP), defined in RFC 3748, enables extensible network access authentication. This document specifies the EAP key hierarchy and provides a framework for the transport and usage of keying material and parameters generated by EAP authentication algorithms, known as "methods". It also provides a detailed system-level security analysis, demonstrating compliance with the key management guidelines described in RFC 4962.
"
and Section 1 to the following:
"1. Introduction
The Extensible Authentication Protocol (EAP), defined in [RFC3748], was designed to enable extensible authentication for network access in situations in which the Internet Protocol (IP) protocol is not available. Originally developed for use with Point-to-Point Protocol (PPP) [RFC1661], it has subsequently also been applied to IEEE 802 wired networks [IEEE-802.1X], IKEv2 [RFC4306] and wireless networks such as [IEEE-802.11] and [IEEE-802.16e].
EAP is a two-party protocol spoken between the EAP peer and server. Within EAP, keying material is generated by EAP authentication algorithms, known as "methods". Part of this keying material can be used by EAP methods themselves and part of this material can be exported. In addition to export of keying material, EAP methods can also export associated parameters such as authenticated peer and server identities and a unique EAP conversation identifier, and can import and export lower layer parameters known as "channel binding parameters", or simply "channel bindings".
This document specifies the EAP key hierarchy and provides a framework for the transport and usage of keying material and parameters generated by EAP methods. It also provides a detailed security analysis, demonstrating compliance with the requirements described in "Guidance for Authentication, Authorization and Accounting (AAA) Key Management" [RFC4962].
"
Proposed Resolution: Discuss