[Emu] GPSK and client state

To: <emu at ietf.org>
Subject: [Emu] GPSK and client state
From: "Joseph Salowey (jsalowey)" <jsalowey at cisco.com>
Date: Thu, 7 Aug 2008 10:45:07 -0700
Authentication-results: sj-dkim-1; header.From=jsalowey at cisco.com; dkim=pass ( sig from cisco.com/sjdkim1004 verified; );
Delivered-to: ietfarch-emu-web-archive at core3.amsl.com
Delivered-to: emu at core3.amsl.com
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; l=1063; t=1218131073; x=1218995073; c=relaxed/simple; s=sjdkim1004; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=jsalowey at cisco.com; z=From:=20=22Joseph=20Salowey=20(jsalowey)=22=20<jsalowey at ci sco.com> |Subject:=20GPSK=20and=20client=20state |Sender:=20; bh=2nYjb3RCtK63ZxZtKG9toVY7eIlLU0H6mPdIXIkkB3Y=; b=mZ5BnT1dRDOXpYIssZt9QXiVRU9PpCBRj5vYwnN4F5yfv4wy9LNXBjkdwi aMazQt/JDuGLaThmmtRvGcW6PtcwiVyqZkJDnl9a3h71iEwnlbhskfALYLxH dbQwShFTez+zJ/uV71pl2ZRIfuswyKX9OGdZVFs5vdhsBCeAQzYes=;
List-archive: <http://www.ietf.org/pipermail/emu>
List-help: <mailto:emu-request@ietf.org?subject=help>
List-id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-post: <mailto:emu@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
Sender: emu-bounces at ietf.org
Thread-index: Acj4tVR6sBStCuYdTzSRaAJJFf8E7g==
Thread-topic: GPSK and client state

In order to make progress I propose the following resolution to this
issue:

Modify text in the third paragraph from the end of section 10 to read:

  "For GPSK-3, a peer MUST silently discard messages where the
  RAND_Peer or the CSuite_Sel fields do not match
  those transmitted in GPSK-2.  An EAP peer MUST silently discard any
  packet whose MAC fails."

Modify text in section 12.9 third paragraph to read:

  "The client has to keep state information after receiving the GPSK-1
  message.  To prevent a replay attack, all the client needs to do is
  to ensure that the value of RAND_Peer is consistent between GPSK-2
  and GPSK-3.  Message GPSK-3 contains all the material required to re-
  compute the keying material.  Thus, if a client chooses to implement
  this client-side DoS protection mechanism it may manage RAND_Peer and
  CSuite_Sel on a per-server basis for servers it knows instead of on a
  per-message basis." 

Please send any comments you have on this proposal to the list by August
19, 2008.


Thanks,

Joe

_______________________________________________
Emu mailing list
Emu at ietf.org
https://www.ietf.org/mailman/listinfo/emu

Prev by Date: [Emu] EMU minutes have been uploaded
Next by Date: Re: [Emu] Consensus call on EAP-GPSK key lengths
Previous by thread: [Emu] EMU minutes have been uploaded
Next by thread: [Emu] Comments for draft-clancy-emu-chbind-02.txt
Index(es):
- Date
- Thread

[Emu] GPSK and client state

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.