[Dime] Comments on abstract and section 1 of new version draft-ietf-dime-erp-01
Hi all,
I have some comments on the abstract and section 1 of the new version, draft-ietf-dime-erp-01.
Please see the comments inline.
 
Abstract
 
   EAP Re-authentication Protocol (ERP) defines extensions to the
   Extensible Authentication Protocol (EAP) to support efficient re-
   authentication between the EAP peer and an EAP re-authentication
   server through an EAP/ERP authenticator.  This document specifies
   Diameter support for ERP.  It defines a new Diameter ERP application
   to transport ERP messages between authenticator and ERP server, and a
   set of new AVPs that can be used to transport the cryptographic
   material needed by ERP server.
[Qin]: "ERP authenticator" and "ERP server" seem to be new terminologies; I am wondering
      whether we need to define these terminologies in the document. Actually, as
      described in RFC5296, "ER server", which corresponds to "ERP server", has already been
      defined. Is it necessary to define the same thing?
 

1.  Introduction
 
   [RFC5296] defines the EAP Re-authentication Protocol (ERP).  It
   consists in the following steps:
 
   1.  Bootstrapping: a root key for re-authentication is derived from
       the Extended Master Session Key (EMSK) created during EAP
       authentication [RFC5295].  This root key is transported from the
       EAP server to the ER server.

   [Qin]: I agree that implicit bootstrapping is not re-authentication. However,
          I am wondering whether explicit bootstrapping can still be viewed as
          re-authentication?
          So, will dividing ERP into two steps cause a little confusion?
 
   2.  Re-authentication: a one-round-trip exchange between the peer and
       the ER server, resulting in mutual authentication.  To accomplish
       the EAP reauthentication functionality, ERP defines two new EAP
       codes - EAP-Initiate and EAP-Finish.
 
   This document defines how Diameter transports the ERP messages (Re-
   authentication step).  For this purpose, we define a new Application
   Id for ERP, and re-use the Diameter EAP commands (DER/DEA).
 
   This document also discusses the distribution of the root key
   (bootstrapping step), either during the initial EAP authentication
   (implicit bootstrapping) or during the first ERP exchange (explicit
   bootstrapping).  Security considerations for this key distribution
   are detailed in [RFC5295].
 

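To make the two steps quoted above concrete (the root key that the bootstrapping step transports to the ER server, and the per-exchange keys the re-authentication step derives from it), here is an added worked example of the RFC 5296 key hierarchy over the RFC 5295 KDF. It is example code written for this review, not code from the draft, from RFC 5296 or from any Diameter implementation. The EMSK value is constructed, the 64-octet key lengths and the cryptosuite code 2 are assumed configuration, and the function names are my own.

```python
import hmac
import hashlib

# Key labels that RFC 5296 registers in the RFC 5295 "USRK key labels" space.
RRK_LABEL = b"EAP Re-authentication Root Key@ietf.org"
RIK_LABEL = b"Re-authentication Integrity Key@ietf.org"
RMSK_LABEL = b"Re-authentication Master Session Key@ietf.org"

# Constructed sample EMSK (64 octets). A real EMSK comes out of the EAP method
# and is never exported from the EAP server; only the rRK derived below leaves it.
SAMPLE_EMSK = bytes(range(64))


def hmac_sha256(key: bytes, msg: bytes) -> bytes:
    """The default PRF of RFC 5295 (HMAC-SHA-256)."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def prf_plus(key: bytes, s: bytes, out_len: int) -> bytes:
    """RFC 5295 section 3.1 KDF:
       T1 = PRF(K, S | 0x01), Tn = PRF(K, T(n-1) | S | n),
       output = T1 | T2 | ... truncated to out_len octets."""
    if not 1 <= out_len <= 255 * 32:
        raise ValueError("out_len must fit in 255 PRF blocks")
    out, t, n = b"", b"", 1
    while len(out) < out_len:
        t = hmac_sha256(key, t + s + bytes([n]))
        out += t
        n += 1
    return out[:out_len]


def derive_rrk(emsk: bytes, length: int = 64) -> bytes:
    """Bootstrapping: rRK = KDF(EMSK, rRK Label | "\\0" | length).
       length is a 2-octet network-order integer (RFC 5295 encoding).
       This is the key the EAP server hands to the ER server."""
    return prf_plus(emsk, RRK_LABEL + b"\x00" + length.to_bytes(2, "big"), length)


def derive_rik(rrk: bytes, cryptosuite: int, length: int = 64) -> bytes:
    """rIK = KDF(rRK, rIK Label | "\\0" | cryptosuite | length); cryptosuite is one octet.
       Integrity key for EAP-Initiate/EAP-Finish; held by peer and ER server only."""
    s = RIK_LABEL + b"\x00" + bytes([cryptosuite]) + length.to_bytes(2, "big")
    return prf_plus(rrk, s, length)


def derive_rmsk(rrk: bytes, seq: int, length: int = 64) -> bytes:
    """rMSK = KDF(rRK, rMSK Label | "\\0" | SEQ | length); SEQ is the 2-octet
       sequence number from EAP-Initiate/Re-auth, so every exchange gets a fresh rMSK."""
    s = RMSK_LABEL + b"\x00" + seq.to_bytes(2, "big") + length.to_bytes(2, "big")
    return prf_plus(rrk, s, length)


def er_server_keys(rrk: bytes, seq: int, cryptosuite: int = 2) -> dict:
    """What the ER server can compute from the transported rRK alone: the rIK
       to verify the peer's EAP-Initiate and the rMSK to deliver to the authenticator.
       Cryptosuite 2 (HMAC-SHA256-128) is an assumed choice for this example."""
    return {
        "rIK": derive_rik(rrk, cryptosuite),
        "rMSK": derive_rmsk(rrk, seq),
    }


if __name__ == "__main__":
    rrk = derive_rrk(SAMPLE_EMSK)            # bootstrapping step (EAP server)
    keys = er_server_keys(rrk, seq=1)        # re-authentication step (ER server)
    print("rRK ", rrk.hex())
    print("rIK ", keys["rIK"].hex())
    print("rMSK", keys["rMSK"].hex())
```

The point the split into two steps makes visible is the trust boundary: after bootstrapping, the ER server never needs the EMSK, and after each re-authentication the authenticator only ever receives an rMSK bound to that exchange's SEQ. That is why the draft's AVPs carry the rRK and not the EMSK.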
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.