RE: Last Call: 'Guidance for AAA Key Management' to BCP (draft-housley-aaa-key-mgmt)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Last Call: 'Guidance for AAA Key Management' to BCP (draft-housley-aaa-key-mgmt)

To: "Alper Yegin" <alper.yegin at yegin.org>,<ietf at ietf.org>
Subject: RE: Last Call: 'Guidance for AAA Key Management' to BCP (draft-housley-aaa-key-mgmt)
From: Russ Housley <housley at vigilsec.com>
Date: Fri, 17 Nov 2006 12:33:59 -0500
Cc:
In-reply-to: <0MKp2t-1Gl77D0pJq-0003xT@mrelay.perfora.net>
List-help: <mailto:ietf-request@ietf.org?subject=help>
List-id: IETF-Discussion <ietf.ietf.org>
List-post: <mailto:ietf@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
References: <7.0.0.16.2.20061106193709.043c4058@vigilsec.com> <0MKp2t-1Gl77D0pJq-0003xT@mrelay.perfora.net>

Alper:

> >And how would we apply this to EAP? There is no authenticator ID known to
> >EAP peer, yet they share an MSK.
>
> I believe that this is being addressed in draft-ietf-eap-keying.

Can you please provide a pointer?

It has peer-id and server-ids defined. But even that has issues, as these
are EAP-method exports, and not always available.

I'll let Bernard handle this part of your message. I'm responding to the next part.

> >             o  The expected lifetime of the keying material.
> >
> >Does it make sense to mention something like "Lifetime of a child key
> MUST
> >NOT be greater than the lifetime of its parent in the key hierarchy."?
>
> This is a very good principle, but I think SHOULD NOT is more appropriate.

I'm wondering why we open the door for children keys living longer than the
parent key.

> >          For this reason, EAP methods SHOULD
> >          provide a mechanism for identity protection of EAP peers, but
> >          such protection is not a requirement.
> >
> >
> >"SHOULD" and "not a requirement" seem to clash. We should either make it
> a
> >"MAY", or remove the ",but ...".
>
> All methods do not have to have a mechanism for identity protection,
> but we encourage them to have one.

I understand. What is the affect of "SHOULD but not a requirement"? Is this
like a "SHOULD-"? I mean, what do we lose if we drop the "but such a
protection is not a requirement"?


The next version of the document will say:

In many environments it is important to provide confidentiality protection
for identities.  However, this is not important in other environments.  For
this reason, EAP methods are encouraged to provide a mechanism for identity
protection of EAP peers, but such protection is not a requirement.

I hope this resolves your concern with the RFC 2119 terms.

Russ


_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

References:
- RE: Last Call: 'Guidance for AAA Key Management' to BCP (draft-housley-aaa-key-mgmt)
  - From: Russ Housley
- RE: Last Call: 'Guidance for AAA Key Management' to BCP (draft-housley-aaa-key-mgmt)
  - From: Alper Yegin

Prev by Date: RE: Last Call: 'Guidance for AAA Key Management' to BCP (draft-housley-aaa-key-mgmt)
Next by Date: RE: Last Call: 'Guidance for AAA Key Management' to BCP (draft-housley-aaa-key-mgmt)
Previous by thread: RE: Last Call: 'Guidance for AAA Key Management' to BCP (draft-housley-aaa-key-mgmt)
Next by thread: RE: Last Call: 'Guidance for AAA Key Management' to BCP (draft-housley-aaa-key-mgmt)
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

RE: Last Call: 'Guidance for AAA Key Management' to BCP (draft-housley-aaa-key-mgmt)

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.