Pitfalls for the Unwary

- Arbitrary AAA EAP key attributes
  - Transport keys derived by EAP methods
  - Critical to EAP interoperability: NAS expects MSK, not session key
  - Can encourage bad practices: ciphersuite-specific EAP methods
- Improper key hierarchies
  - Loops can dilute key strength
  - Early 802.11i proposals had this problem
- EAP methods generating keys without sufficient entropy
  - 802.11i assumes a 256-bit PMK!
  - Issue for EAP SIM and EAP GSS
- EAP methods without nonce exchanges
  - May not be able to generate required cryptographic separation without a subsequent nonce exchange
  - Could cause method to work only on some media (e.g. 802.11 vs. PPP)
  - Issue for EAP SRP
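
The nonce-exchange pitfall, as an added Python sketch that is not part of the original slides: a method with no nonce exchange yields the same MSK on every run, so session keys differ only when the lower layer contributes fresh nonces of its own. The HMAC-SHA256 KDF, the labels, the function names and the sample secret are assumptions standing in for a real method's key derivation and the 802.11i PRF.

```python
import hashlib
import hmac
import os


def kdf(key: bytes, label: bytes, context: bytes, length: int = 32) -> bytes:
    """Stand-in KDF (assumption): HMAC-SHA256 in counter mode, not the 802.11i PRF."""
    out = b""
    counter = 1
    while len(out) < length:
        msg = bytes([counter]) + label + b"\x00" + context
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def method_msk(long_term_secret: bytes, identity: bytes) -> bytes:
    """Hypothetical EAP method with no nonce exchange: MSK depends only on static inputs."""
    return kdf(long_term_secret, b"method MSK", identity, 64)


def key_without_nonces(msk: bytes) -> bytes:
    """Lower layer that adds no nonces of its own: the key is a pure function of the MSK."""
    return kdf(msk, b"session key", b"")


def key_with_nonces(msk: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """Lower layer with its own nonce exchange (as in the 802.11i 4-way handshake)."""
    context = min(anonce, snonce) + max(anonce, snonce)  # order-independent binding
    return kdf(msk, b"session key", context)


def compare_sessions() -> dict:
    """Run two authentications with identical static inputs and compare the keys."""
    secret = b"constructed-sample-secret"   # constructed sample value
    identity = b"user@example.org"          # constructed sample value
    msk1 = method_msk(secret, identity)     # first authentication
    msk2 = method_msk(secret, identity)     # re-authentication, same static inputs
    k1 = key_with_nonces(msk1, os.urandom(32), os.urandom(32))
    k2 = key_with_nonces(msk2, os.urandom(32), os.urandom(32))
    return {
        "msk_repeats": msk1 == msk2,
        "no_nonce_keys_repeat": key_without_nonces(msk1) == key_without_nonces(msk2),
        "nonce_keys_repeat": k1 == k2,
    }


if __name__ == "__main__":
    print(compare_sessions())
```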