Re: [Emu] NIST KDF & EAP-GPSK

To: "Tschofenig, Hannes" <hannes.tschofenig at siemens.com>
Subject: Re: [Emu] NIST KDF & EAP-GPSK
From: Charles Clancy <clancy at cs.umd.edu>
Date: Thu, 16 Nov 2006 09:42:32 -0500
Cc: emu at ietf.org
In-reply-to: <A5D2BD54850CCA4AA3B93227205D8A30898EF3@MCHP7IEA.ww002.siemens.net>
List-archive: <http://www1.ietf.org/pipermail/emu>
List-help: <mailto:emu-request@ietf.org?subject=help>
List-id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-post: <mailto:emu@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
References: <A5D2BD54850CCA4AA3B93227205D8A30898EF3@MCHP7IEA.ww002.siemens.net>
User-agent: Thunderbird 1.5.0.8 (Windows/20061025)

The one mentioned during the session was SP 800-56A, if I recall correctly. See:

http://csrc.nist.gov/publications/nistpubs/800-56A/sp800-56A_May-3-06.pdf

The title, "Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography", seems to indicate applicability might be limited; however, section 5.8 addresses KDFs based on shared secrets.

Two KDFs are presented in the document, along with some requirements on how keys are handled and how a keying hierarchy should be implemented. I think the KDF in section 5.8.1 seems appropriate. It requires the use of a hash function, and not a MAC function, so only our HMAC-SHA256 ciphersuite would be compliant, provided we tweaked the KDF.

For the AES ciphersuite, we could always define the KDF as a "key push" distribution system using AES keywrap, if we were super-worried about FIPS 140-2 compliance. (I think this is a bad idea, but I'm just throwing it out there.)

--
t. charles clancy, ph.d.  <>  tcc at umd.edu  <>  www.cs.umd.edu/~clancy

Tschofenig, Hannes wrote:

Hi all,
at the EMU working group meeting we received some feedback regarding the usage of the NIST KDF in EAP-GPSK. In order to make progress with the document we would like to get some more information about the suggested change to the document.
Some NIST documents have been mentioned. Could someone point us to them?
Ciao
Hannes
------------------------------------------------------------------------
_______________________________________________
Emu mailing list
Emu at ietf.org
https://www1.ietf.org/mailman/listinfo/emu

_______________________________________________
Emu mailing list
Emu at ietf.org
https://www1.ietf.org/mailman/listinfo/emu

References:
- [Emu] NIST KDF & EAP-GPSK
  - From: Tschofenig, Hannes

Prev by Date: [Emu] Re: [Hokeyp] MSK but no EMSK
Next by Date: Re: [Emu] Re: [Hokeyp] MSK but no EMSK
Previous by thread: [Emu] NIST KDF & EAP-GPSK
Next by thread: [Emu] Re: [Hokeyp] MSK but no EMSK
Index(es):
- Date
- Thread

Re: [Emu] NIST KDF & EAP-GPSK

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.