RE: [Emu] Issue: Definition of Session-Id, Peer-Id, Server-Id for EAP GPSK
- To: "Bernard Aboba" <bernard_aboba at hotmail.com>, <emu at ietf.org>
- Subject: RE: [Emu] Issue: Definition of Session-Id, Peer-Id, Server-Id for EAP GPSK
- From: "Joseph Salowey \(jsalowey\)" <jsalowey at cisco.com>
- Date: Mon, 20 Nov 2006 21:34:30 -0800
> -----Original Message-----
> From: Bernard Aboba [mailto:bernard_aboba at hotmail.com]
> Sent: Sunday, November 19, 2006 10:20 PM
> To: emu at ietf.org
> Subject: [Emu] Issue: Definition of Session-Id, Peer-Id, Server-Id for EAP GPSK
>
> EAP GPSK defines the Method-Id as follows:
>
> " o MID = KDF_Zero-String ("Method ID" || EAP_Method_Type || CSuite_Sel || inputString)[0..15]"
>
> The inclusion of the EAP_Method_Type doesn't seem quite
> right, because the Method-Id only needs to be globally and
> temporally unique for a given EAP method; since Session-Id =
> Type Code || Method-Id, the Session-Id's are guaranteed not
> to collide between EAP methods.
>
[Joe] Is there a problem with including the method type?
> Note that in this case inputString = 'RAND_Client ||
> ID_Client || RAND_Server || ID_Server' so that the
> identities are included. I think that this is a good idea
> since it should guarantee a unique Method-Id even if the same
> client and server RAND values are chosen by a different (peer,
> server) set.
>
> In reading the document, it would appear that Peer-Id
> (ID_Client) is authenticated in this protocol, whereas the
> Server-Id is not (e.g. ID_Server is asserted, but not really
> authenticated). Therefore, I would suggest addition of some
> text discussing this. For example:
>
[Joe] It seems that the server ID is as authenticated as the client ID.
The server ID and client ID are associated with the shared key. If a
different identity is asserted a different key would be selected and the
protocol should fail.
> The EAP-GPSK Session-Id is the concatenation of the EAP
> Type Code (TBD)
> with the contents of the Method-Id defined in Section X.
>
> The Peer-Id is the contents of the ID_Client field. Note
> that the contents are used as they
> are transmitted. The Server-Id is an empty string.
>
_______________________________________________
Emu mailing list
Emu at ietf.org
https://www1.ietf.org/mailman/listinfo/emu
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.
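As an added illustration of the derivation discussed above (not code from the thread or from the GPSK draft): the Method-Id is the first 16 octets of the KDF output, the Session-Id prefixes it with the EAP Type Code, and because ID_Client and ID_Server are part of inputString, two (peer, server) pairs that happen to pick the same RAND values still get distinct Method-Ids. KDF_Zero-String is modelled here as HMAC-SHA256 with an empty key, and the Type Code and CSuite_Sel values are placeholders; both are assumptions, since the draft's KDF is cipher-suite specific and the type code was TBD.

```python
import hmac
import hashlib

# Constructed placeholders: the GPSK type code was still TBD on the list and the
# CSuite_Sel encoding is not given in the thread. Both are assumptions.
EAP_TYPE_CODE = b"\x00"
EAP_METHOD_TYPE = EAP_TYPE_CODE   # EAP_Method_Type input to the KDF
CSUITE_SEL = b"\x00" * 6


def kdf_zero_string(data: bytes) -> bytes:
    """Stand-in for KDF_Zero-String (assumption): HMAC-SHA256 under an empty key."""
    return hmac.new(b"", data, hashlib.sha256).digest()


def method_id(rand_client: bytes, id_client: bytes,
              rand_server: bytes, id_server: bytes) -> bytes:
    # inputString = RAND_Client || ID_Client || RAND_Server || ID_Server
    input_string = rand_client + id_client + rand_server + id_server
    # MID = KDF_Zero-String("Method ID" || EAP_Method_Type || CSuite_Sel || inputString)[0..15]
    mid = kdf_zero_string(b"Method ID" + EAP_METHOD_TYPE + CSUITE_SEL + input_string)
    return mid[0:16]


def session_id(rand_client: bytes, id_client: bytes,
               rand_server: bytes, id_server: bytes) -> bytes:
    # Session-Id = Type Code || Method-Id
    return EAP_TYPE_CODE + method_id(rand_client, id_client, rand_server, id_server)


def identities_disambiguate(rand_client: bytes, rand_server: bytes) -> bool:
    """Same RANDs chosen by two different (peer, server) pairs still yield
    distinct Method-Ids, because the identities are inside inputString."""
    a = method_id(rand_client, b"peer-a", rand_server, b"server-x")
    b = method_id(rand_client, b"peer-b", rand_server, b"server-x")
    return a != b
```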