Re: [Dime] [HOKEY] DiME ERP: new Application ID or not ?(non-roaming case)

Hi,
Sorry for the late reply.
----- Original Message ----- 
From: "Sebastien Decugis" <sdecugis at nict.go.jp>
To: "Qin Wu" <sunseawq at huawei.com>
Cc: "Julien Bournelle" <julien.bournelle at gmail.com>; <dime at ietf.org>; <hokey at ietf.org>
Sent: Tuesday, March 17, 2009 2:05 PM
Subject: Re: [Dime] [HOKEY] DiME ERP: new Application ID or not ?(non-roaming case)


> Hi,
> 
> Thank you for your answer, and sorry for replying so late myself.
> 
> Qin Wu wrote:
>> Hi, Sebastien:
>> The MSK and EMSK both result from EAP authentication and are used to derive other keys.
>> Also, both MSK and EMSK are shared between the peer and the AAA server. So the MSK has the same lifetime as the EMSK; what's more, the derived keys also have the same lifetime as the MSK or EMSK.
>>
>> As regards the second question, since the keying material is established through the EAP exchange between the peer and the server and shared between the corresponding two entities, I am sure the peer and the AAA server should agree on the lifetime of these keys first. With respect to how long the lifetime of the keys is, it mostly depends on the specific implementation.
>>   
> 
> Since ERP would use material derived from the EMSK, I guess that when
> the MSK is expiring then an ERP exchange cannot occur, and therefore we
> don't really have a choice here, but to use full EAP.
> 
> This brings the following conclusion (please correct me if I am wrong):
> ERP is only used when the peer attaches to a new authenticator while
> having a valid authentication material (EMSK).
[Qin]:
According to RFC 5296, ERP is also used when ERP bootstrapping happens.
Here ERP bootstrapping is quite different from MIPv6 bootstrapping. What ERP bootstrapping means is how the DSRK is generated and distributed to the peer via the four basic EAP messages (i.e., EAP Request/Response, EAP Success/Failure).

On the other hand, ERP is also used in the inter-authenticator handover scenarios, in which EAP Initiate/Finish is used to complete re-authentication.

> I am not sure anyway how this is related to the {EAP or new} application
> ID problem.

[Qin]:
As regards how this is related to the application, I think the ERP mechanism is quite different from the regular EAP authentication mechanism. The ER server can be
an independent AAA server, which can be proprietary.

> Best regards,
> Sebastien.
> 
> -- 
> Sebastien Decugis
> Research fellow
> Network Architecture Group
> NICT (nict.go.jp)
>
