RE: [Emu] Issue: Definition of Session-Id, Peer-Id, Server-Id forEAP GPSK
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Emu] Issue: Definition of Session-Id, Peer-Id, Server-Id forEAP GPSK
- To: "Bernard Aboba" <bernard_aboba at hotmail.com>, <clancy at cs.umd.edu>
- Subject: RE: [Emu] Issue: Definition of Session-Id, Peer-Id, Server-Id forEAP GPSK
- From: "Joseph Salowey \(jsalowey\)" <jsalowey at cisco.com>
- Date: Wed, 22 Nov 2006 09:21:05 -0800
- Authentication-results: sj-dkim-7; header.From=jsalowey@cisco.com; dkim=pass ( sig from cisco.com/sjdkim7002 verified; );
- Cc: emu at ietf.org
- Dkim-signature: v=0.5; a=rsa-sha256; q=dns/txt; l=1182; t=1164216066; x=1165080066; c=relaxed/simple; s=sjdkim7002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=jsalowey@cisco.com; z=From:=20=22Joseph=20Salowey=20\(jsalowey\)=22=20<jsalowey@cisco.com> |Subject:=20RE=3A=20[Emu]=20Issue=3A=20Definition=20of=20Session-Id, =20Pe er-Id,Server-Id=20forEAP=20GPSK |Sender:=20; bh=P97JxVmIvQAeFjw1f/D8ehpoPnrElMbVMAPp0QbofAg=; b=LKU7I1iwyGWDWqJQ0XoHPfs9r/Ds9qBl0wWYatlaJV3vrAOuojLpbOuL1iSLWgscRa+8f/Pz BNiH+qGR0mrHxlSMEc2nhABYtHaQJGH3yRHUhBmAu5CxL5AanZf6yBgB;
- List-archive: <http://www1.ietf.org/pipermail/emu>
- List-help: <mailto:emu-request@ietf.org?subject=help>
- List-id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
- List-post: <mailto:emu@ietf.org>
- List-subscribe: <https://www1.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
- List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
- Thread-index: AccOVpvUQp/IfEDbRlCJ0pEtLtpymgAA8BHg
- Thread-topic: [Emu] Issue: Definition of Session-Id, Peer-Id, Server-Id forEAP GPSK
> -----Original Message-----
> From: Bernard Aboba [mailto:bernard_aboba at hotmail.com]
> Sent: Wednesday, November 22, 2006 8:52 AM
> To: clancy at cs.umd.edu
> Cc: emu at ietf.org
> Subject: Re: [Emu] Issue: Definition of Session-Id,
> Peer-Id,Server-Id forEAP GPSK
>
> >Sounds reasonable, but I'm not entirely sure I'd call the ID_Server
> >unauthenticated. It's authenticated in GPSK-3 when the
> server includes
> >it in the key derivation to compute SK. If the value was
> changed by an
> >attacker, the authentication would fail.
>
> The client only confirms that the server has access to the
> PSK, but it doesn't confirm the specific server identity.
> This is different from TLS-based EAP methods where the client
> can verify a certificate issued to a specific server.
>
[Joe] Yes, by it's nature symmetric authentication is different than
asymmetric authentication, but that doesn't mean that an identity is not
authenticated in the symmetric case.
>
>
> _______________________________________________
> Emu mailing list
> Emu at ietf.org
> https://www1.ietf.org/mailman/listinfo/emu
>
_______________________________________________
Emu mailing list
Emu at ietf.org
https://www1.ietf.org/mailman/listinfo/emu
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.
