RE: [Emu] Issue: Definition of Session-Id, Peer-Id, Server-Id for EAP GPSK
- To: "Bernard Aboba" <bernard_aboba at hotmail.com>, <emu at ietf.org>
- Subject: RE: [Emu] Issue: Definition of Session-Id, Peer-Id, Server-Id for EAP GPSK
- From: "Joseph Salowey (jsalowey)" <jsalowey at cisco.com>
- Date: Wed, 22 Nov 2006 09:17:55 -0800
> -----Original Message-----
> From: Bernard Aboba [mailto:bernard_aboba at hotmail.com]
> Sent: Wednesday, November 22, 2006 8:48 AM
> To: Joseph Salowey (jsalowey); emu at ietf.org
> Subject: RE: [Emu] Issue: Definition of Session-Id,
> Peer-Id,Server-Id for EAP GPSK
>
> >[Joe] It seems that the server ID is as authenticated as the client ID.
> >The server ID and client ID are associated with the shared key. If a
> >different identity is asserted a different key would be selected and
> >the protocol should fail.
>
> Since more than one AAA server can have access to the
> credentials, I don't see how the client can verify which
> server it is talking to. It only knows that the server has
> access to the PSK, not which server it is.
>
[Joe] Whether this identity belongs to an individual or a group depends
upon deployment. A deployment could assign a separate identity for each
server with a different key, although I'm not sure what advantage that
would bring.