[Emu] Issue #23: Tunnel Protection requirements
#23: Tunnel Protection requirements
> Section 4.2.1.1.2
>
> "See Part 1 of the NIST Recommendation for
> Key Management [NIST SP 800-57] for a discussion of the relative
> strengths of common algorithms."
>
> Why not reference the NIST SP 800-120 requirements here?
>
> "o One-way key derivation
> o Cryptographically separated keys.
> o Cryptographically separated entities.
> o Identity binding
> o Context binding
> o Key lifetime
> o Mutual implicit key authentication
> o Key freshness"
>
> Given that this document assumes a TLS-based tunnel method,
> the text on requirements can be made considerably more
> specific and actionable based on TLS properties and the
> specific requirements of NIST 800-120.
> As it stands, a number of these requirements either don't
> apply to EAP methods at all (e.g. context binding, key
> lifetime) but rather to other elements of the system, or are
> automatically provided by TLS (e.g. key freshness, Identity
> binding).
>
> So these requirements need to be made actionable and
> specific. The ones that don't apply to the problem at hand
> (e.g. TLS-based tunnel auth) should be removed.
>
--
Ticket URL: <http://trac.tools.ietf.org/wg/emu/trac/ticket/23>
emu <http://tools.ietf.org/wg/emu/>
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.