Re: [Dan Harkins] comments on draft-houseley-aaa-key-mgmt-07.txt

To: Dan Harkins <dharkins at lounge.org>
Subject: Re: [Dan Harkins] comments on draft-houseley-aaa-key-mgmt-07.txt
From: Lakshminath Dondeti <ldondeti at qualcomm.com>
Date: Wed, 07 Mar 2007 22:51:04 -0800
Cc: Sam Hartman <hartmans-ietf at mit.edu>, ietf at ietf.org
In-reply-to: <39975.69.12.173.8.1173319599.squirrel@www.trepanning.net>
List-help: <mailto:ietf-request@ietf.org?subject=help>
List-id: IETF-Discussion <ietf.ietf.org>
List-post: <mailto:ietf@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
References: <38388.69.12.173.8.1173291297.squirrel@www.trepanning.net> <tslslcgga17.fsf@cz.mit.edu> <39975.69.12.173.8.1173319599.squirrel@www.trepanning.net>
User-agent: Thunderbird 2.0b2 (Windows/20070116)

Dan Harkins wrote:

  Sam,

  But for things like HOKEY or 802.11r they want to have the AAA server
create a key hierarchy rooted off the EMSK or the MSK, respectively, that
contains keys for specific authenticators. These keys are going to be
distributed using AAA (that seems to be the plan) and either proactively
distributed-- "here have a key!"-- or distributed on demand-- "gimme a
key!" The authenticator-specific key gets produced by mixing in some
identity of the authenticator and that key is then sent under the
protection of the security association between the AAA server and the
authenticator.


Dan,

I snipped all the rest of the email so I can get a clarification from you on this particular paragraph. The problem you describe here is that the authenticator gets a key based on the claimed identity of the authenticator. If the peer and the server do not have a way to verify the identity of the authenticator it is a problem because the key that the server sends to the authenticator is the same as long as the claimed identity of the authenticator is the same.

Do I understand correctly?

thanks,
Lakshminath

_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

Follow-Ups:
- Re: [Dan Harkins] comments on draft-houseley-aaa-key-mgmt-07.txt
  - From: Dan Harkins

References:
- Re: [Dan Harkins] comments on draft-houseley-aaa-key-mgmt-07.txt
  - From: Dan Harkins
- Re: [Dan Harkins] comments on draft-houseley-aaa-key-mgmt-07.txt
  - From: Sam Hartman
- Re: [Dan Harkins] comments on draft-houseley-aaa-key-mgmt-07.txt
  - From: Dan Harkins

Prev by Date: Re: Prague
Next by Date: Re: Prague
Previous by thread: Re: [Dan Harkins] comments on draft-houseley-aaa-key-mgmt-07.txt
Next by thread: Re: [Dan Harkins] comments on draft-houseley-aaa-key-mgmt-07.txt
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: [Dan Harkins] comments on draft-houseley-aaa-key-mgmt-07.txt

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.