[Pana] Re: PANA document errata

Yoshihiro Ohba <yohba@tari.toshiba.com> Sun, 18 November 2007 02:31 UTC

Date: Sat, 17 Nov 2007 21:31:11 -0500
To: Bernard_Aboba@hotmail.com
Message-ID: <20071118023111.GA15645@steelhead.localdomain>
References: <BAY117-DS33323380319CD3C5E7C4A93830@phx.gbl>
From: Yoshihiro Ohba <yohba@tari.toshiba.com>
Cc: pana@ietf.org
Subject: [Pana] Re: PANA document errata

Bernard,

Yes, thank you very much for catching this.  I agree that a key
label is needed for PANA_AUTH_KEY and this can be fixed in AUTH48.

I am trying to explain a bit more.  draft-ohba-pana-pemk-01.txt
defines PEMK (PaC-EP-Master Key) to bootstrap a lower-layer-specific
master key for each lower layer in a media-independent way:

MSK---+----PANA_AUTH_KEY
      |
      +----PEMK----+----- PEMK for IKE (draft-ietf-pana-ipsec)
                   |
                   +----- PEMK for IEEE 802 family technologies
                   |
                   +----- PEMK for other technologies

Using different key labels for PANA_AUTH_KEY and PEMK will guarantee
the uniqueness of the keys under the MSK branch, i.e.,

PANA_AUTH_KEY = prf+(MSK, "IETF PANA", I_PAR|I_PAN|PaC_nonce|PAA_nonce|Key_ID)

PEMK = prf+(MSK, "PaC-EP master key" | SID | KID | EPDID)

Regards,
Yoshihiro Ohba


On Fri, Nov 16, 2007 at 06:44:51AM -0800, Bernard_Aboba@hotmail.com wrote:
> I mentioned that I found an errata in the PANA draft. 
> 
> The formula given for the PANA_AUTH_KEY is: 
> 
>   PANA_AUTH_KEY = prf+(MSK, I_PAR|I_PAN|PaC_nonce|PAA_nonce|Key_ID)
> 
> This formula is missing a key label, such as "IETF PANA".  Other users
> of the MSK, such as IEEE 802.11, 802.11r, IEEE 802.1af, include 
> labels when deriving keys from the MSK, in order to guarantee uniqueness 
> of key branches. 
> 
> Perhaps this could be fixed in AUTH48? 

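The derivation discussed in this thread, as an added example that is not code from the PANA specification or from either poster: an IKEv2-style prf+ (RFC 4306, Section 2.13) instantiated with HMAC-SHA1, the labelled PANA_AUTH_KEY and PEMK derivations, and a comparison against the unlabelled formula from the original draft. The PRF algorithm, the output lengths (20 octets for PANA_AUTH_KEY, 64 for PEMK) and all input values are assumptions chosen for illustration.

```python
import hashlib
import hmac

# Added example (not from the thread). prf+ follows RFC 4306, Section 2.13;
# HMAC-SHA1 as the PRF and the key lengths below are assumptions.


def prf_plus(key: bytes, seed: bytes, length: int, hash_name: str = "sha1") -> bytes:
    """prf+(K, S) = T1 | T2 | ..., with T1 = prf(K, S|0x01), Tn = prf(K, T(n-1)|S|n)."""
    out, prev, counter = b"", b"", 1
    while len(out) < length:
        if counter > 255:
            raise ValueError("prf+ counter is one octet; requested length too long")
        prev = hmac.new(key, prev + seed + bytes([counter]), hash_name).digest()
        out += prev
        counter += 1
    return out[:length]


def pana_auth_key(msk, i_par, i_pan, pac_nonce, paa_nonce, key_id, label=b"IETF PANA"):
    """PANA_AUTH_KEY with the key label prepended to the prf+ seed, as proposed above.
    Passing label=b"" reproduces the unlabelled formula from the original draft."""
    return prf_plus(msk, label + i_par + i_pan + pac_nonce + paa_nonce + key_id, 20)


def pemk(msk, sid, kid, epdid, label=b"PaC-EP master key"):
    """PEMK as written in the thread: prf+(MSK, label | SID | KID | EPDID)."""
    return prf_plus(msk, label + sid + kid + epdid, 64)


def derive_example():
    # Constructed sample inputs; in a real run they come from the PANA exchange.
    msk = bytes(range(64))
    context = (b"\x00" * 4, b"\x00" * 4, b"\x11" * 16, b"\x22" * 16, b"\x00\x01")
    labelled = pana_auth_key(msk, *context)
    unlabelled = pana_auth_key(msk, *context, label=b"")
    # Any other consumer of the same MSK that feeds the same raw octets to prf+
    # lands on exactly the unlabelled key; the label is what separates branches.
    other_consumer = prf_plus(msk, b"".join(context), 20)
    key_pemk = pemk(msk, b"\x00" * 4, b"\x00\x01", b"\xaa" * 6)
    return {
        "labelled": labelled,
        "unlabelled": unlabelled,
        "other_consumer": other_consumer,
        "pemk": key_pemk,
    }
```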