[Pana] Re: PANA document errata
Yoshihiro Ohba <yohba@tari.toshiba.com> Mon, 19 November 2007 18:55 UTC
Date: Mon, 19 Nov 2007 13:55:34 -0500
To: Bernard_Aboba@hotmail.com
From: Yoshihiro Ohba <yohba@tari.toshiba.com>
Cc: Yoshihiro Ohba <yohba@tari.toshiba.com>, pana@ietf.org
OK, thank you.

Yoshihiro Ohba

On Sat, Nov 17, 2007 at 09:43:57PM -0800, Bernard_Aboba@hotmail.com wrote:
> Yes. To ensure uniqueness, you might want to start each label with "IETF
> PANA".
>
> So it could be "IETF PANA AUTH_KEY", "IETF PANA PEMK", etc.
>
> --------------------------------------------------
> From: "Yoshihiro Ohba" <yohba@tari.toshiba.com>
> Sent: Saturday, November 17, 2007 6:31 PM
> To: <Bernard_Aboba@hotmail.com>
> Cc: <pana@ietf.org>
> Subject: Re: PANA document errata
>
> >Bernard,
> >
> >Yes, thank you very much for catching up this. I agree that a key
> >label is needed for PANA_AUTH_KEY and this can be fixed in AUTH48.
> >
> >I am trying to explain a bit more. draft-ohba-pana-pemk-01.txt
> >defines PEMK (PaC-EP-Master Key) to bootstrap lower-layer specific
> >master key for each lower-layer in a media-independent way:
> >
> >MSK---+----PANA_AUTH_KEY
> >      |
> >      +----PEMK----+----- PEMK for IKE (draft-ietf-pana-ipsec)
> >                   |
> >                   +----- PEMK for IEEE 802 family technologies
> >                   |
> >                   +----- PEMK for other technologies
> >
> >Using different key labels for PANA_AUTH_KEY and PEMK will guarantee
> >the uniqueness of the keys under MSK branch, i.e.,
> >
> >PANA_AUTH_KEY = prf+(MSK, "IETF PANA",
> >I_PAR|I_PAN|PaC_nonce|PAA_nonce|Key_ID)
> >
> >PEMK = prf+(MSK, "PaC-EP master key" | SID | KID | EPDID)
> >
> >Regards,
> >Yoshihiro Ohba
> >
> >
> >On Fri, Nov 16, 2007 at 06:44:51AM -0800, Bernard_Aboba@hotmail.com wrote:
> >>I mentioned that I found an errata in the PANA draft.
> >>
> >>The formula given for the PANA_AUTH_KEY is:
> >>
> >>   PANA_AUTH_KEY = prf+(MSK, I_PAR|I_PAN|PaC_nonce|PAA_nonce|Key_ID)
> >>
> >>This formula is missing a key label, such as "IETF PANA". Other users
> >>of the MSK, such as IEEE 802.11, 802.11r, IEEE 802.1af, include
> >>labels when deriving keys from the MSK, in order to guarantee uniqueness
> >>of key branches.
> >>
> >>Perhaps this could be fixed in AUTH48?
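The label issue discussed in this thread, as an added example that is not part of the original messages or of any PANA implementation: it derives keys from one MSK with and without labels and shows that unlabelled branches can yield the same key. Assumptions: HMAC-SHA256 stands in for the negotiated prf, prf+ follows the IKEv2 definition (RFC 7296, section 2.13), and the MSK, exchange bytes, 32-octet key length and the second unlabelled MSK user are constructed for illustration.

```python
import hashlib
import hmac

KEY_LEN = 32  # assumed output length, for illustration only


def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """IKEv2 prf+ : T1 = prf(K, S|0x01), Tn = prf(K, Tn-1|S|n), output T1|T2|..."""
    if length > 255 * hashlib.sha256().digest_size:
        raise ValueError("prf+ counter is a single octet: at most 255 blocks")
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(key, block + seed + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


# Constructed sample values, not taken from any real PANA exchange.
MSK = bytes(range(64))
EXCHANGE = b"".join([b"<I_PAR>", b"<I_PAN>", b"<PaC_nonce>", b"<PAA_nonce>", b"<Key_ID>"])


def auth_key_unlabelled(msk: bytes, exchange: bytes) -> bytes:
    # Formula as first published: no key label in the prf+ input.
    return prf_plus(msk, exchange, KEY_LEN)


def auth_key_labelled(msk: bytes, exchange: bytes) -> bytes:
    # Formula proposed in the thread: "IETF PANA" prepended to the input.
    return prf_plus(msk, b"IETF PANA" + exchange, KEY_LEN)


def pemk(msk: bytes, sid: bytes, kid: bytes, epdid: bytes) -> bytes:
    # PEMK branch with its own label, as quoted in the thread.
    return prf_plus(msk, b"PaC-EP master key" + sid + kid + epdid, KEY_LEN)


def other_msk_user_unlabelled(msk: bytes, data: bytes) -> bytes:
    # Hypothetical second protocol deriving from the same MSK without a label.
    return prf_plus(msk, data, KEY_LEN)


if __name__ == "__main__":
    clash = other_msk_user_unlabelled(MSK, EXCHANGE)
    print("unlabelled branches collide:", clash == auth_key_unlabelled(MSK, EXCHANGE))
    print("labelled branch collides:   ", clash == auth_key_labelled(MSK, EXCHANGE))
```

With labels, two MSK users produce the same key only if their full prf+ input strings are identical, which distinct label prefixes are intended to rule out.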