< draft-housley-aaa-key-mgmt-08.txt   draft-housley-aaa-key-mgmt-09.txt >
Network Working Group R. Housley Network Working Group R. Housley
Internet Draft Vigil Security Internet Draft Vigil Security
February 2007 B. Aboba February 2007 B. Aboba
Expires in six months Microsoft Expires in six months Microsoft
Guidance for AAA Key Management Guidance for AAA Key Management
<draft-housley-aaa-key-mgmt-08.txt> <draft-housley-aaa-key-mgmt-09.txt>
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 11, line 21 skipping to change at page 11, line 21
authorization checking prevents an elevation of privilege authorization checking prevents an elevation of privilege
attack, and it ensures that an unauthorized authenticator is attack, and it ensures that an unauthorized authenticator is
detected. detected.
Authorizations SHOULD be synchronized between the peer, NAS, Authorizations SHOULD be synchronized between the peer, NAS,
and backend authentication server. Once the AAA key management and backend authentication server. Once the AAA key management
protocol exchanges are complete, all of these parties should protocol exchanges are complete, all of these parties should
hold a common view of the authorizations associated the other hold a common view of the authorizations associated the other
parties. parties.
In addition to authenticating all parties, key management
protocols need to demonstrate that the parties are authorized
to possess keying material. Note that proof of possession of
keying material does not necessarily prove authorization to
hold that keying material. For example, within an IEEE
802.11i, the 4-way handshake demonstrates that both the peer
and authenticator possess the same EAP keying material.
However, by itself, this possession proof does not demonstrate
that the authenticator was authorized by the backend
authentication server to possess that keying material. As
noted in RFC 3579 in section 4.3.7, where AAA proxies are
present, it is possible for one authenticator to impersonate
another, unless each link in the AAA chain implements checks
against impersonation. Even with these checks in place, an
authenticator may still claim different identities to the peer
and the backend authentication server. As described in RFC
3748 in section 7.15, channel binding is required to enable the
peer to verify that the authenticator claim of identity is both
consistent and correct.
Keying material confidentiality and integrity Keying material confidentiality and integrity
While preserving algorithm independence, confidentiality and While preserving algorithm independence, confidentiality and
integrity of all keying material MUST be maintained. integrity of all keying material MUST be maintained.
Confirm ciphersuite selection Confirm ciphersuite selection
The selection of the "best" ciphersuite SHOULD be securely The selection of the "best" ciphersuite SHOULD be securely
confirmed. The mechanism SHOULD detect attempted roll back confirmed. The mechanism SHOULD detect attempted roll back
attacks. attacks.
 End of changes. 2 change blocks. 
1 lines changed or deleted 21 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/