> > Can you please provide a pointer?
>
> Authenticator and peer identification issues are discussed in Section
> 2.2.1 of draft-ietf-eap-keying-15.txt

According to my reading, we rely on this piece of text:

   The following steps enable lower layer identities to be securely
   verified by all parties:

   ...

   [g] Communicating the lower layer identities between the peer and
       authenticator within phase 0. This allows the peer and
       authenticator to determine the key scope if a key cache is
       utilized.

Through the exchange of such identifiers one can bind the MSK to the identity of the authenticator.

But.... this has issues, imho. RFC 3748 does not mandate such a feature on the EAP lower layers. Not sure if any of them support such a thing. Rather than relying on another part of the architecture (phase 0 -- discovery), it's more appropriate to expect EAP to deal with this identifier exchange (since it is the one who generates the associated MSK), but it is too late for that now.

All I'm trying to say is, EAP (RFC 3748) does not appear to support this particular rule from draft-housley-aaa-key-mgmt. Just an observation.

> So child keys often do persist longer than the parent key, and there is
> no issue with this. However, the maximum lifetime of the child keys
> cannot be longer than the maximum lifetime of the parent.

This explains it very well. Thank you.

Alper

_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf
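An added worked example, not from this thread and not from either draft, illustrating the two points the message turns on: a child key whose derivation takes the peer and authenticator identities as input is scoped to that one authenticator (a key cache holding it cannot be replayed to another), and a child key's maximum lifetime is capped by what remains of the parent's. The counter-mode HMAC-SHA256 expansion, the label and identifier framing, the identifier strings and the timestamps are all constructed assumptions; they stand in for whatever PRF and identities a real EAP lower layer would use.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Key:
    """A key in the hierarchy with an issue time and a maximum lifetime (seconds)."""
    name: str
    material: bytes
    issued_at: int      # constructed: seconds since the epoch
    max_lifetime: int   # seconds

    @property
    def expires_at(self) -> int:
        return self.issued_at + self.max_lifetime


def derive_child_key(parent: Key, label: str, peer_id: str, authenticator_id: str,
                     now: int, requested_lifetime: Optional[int] = None,
                     length: int = 32) -> Key:
    """Derive a child key bound to the (peer, authenticator) pair and capped by
    the parent's remaining lifetime.

    Assumption: counter-mode HMAC-SHA256 stands in for the lower layer's real
    PRF; the label and NUL-separated identifier framing are illustrative only.
    """
    if now >= parent.expires_at:
        raise ValueError(f"{parent.name} expired at {parent.expires_at}; cannot derive {label}")
    remaining = parent.expires_at - now
    # The child may be requested with any lifetime, but never outlives the parent.
    lifetime = remaining if requested_lifetime is None else min(requested_lifetime, remaining)
    # Feeding both lower-layer identities into the derivation gives the child its
    # scope: the same parent yields a different child for a different authenticator.
    context = b"\x00".join(s.encode() for s in (label, peer_id, authenticator_id))
    out = b""
    counter = 1
    while len(out) < length:
        out += hmac.new(parent.material, context + counter.to_bytes(1, "big"),
                        hashlib.sha256).digest()
        counter += 1
    return Key(name=label, material=out[:length], issued_at=now, max_lifetime=lifetime)


# Constructed sample: a 32-byte MSK issued at t=1_000_000 with a one-hour lifetime.
MSK = Key(name="MSK", material=bytes.fromhex("0b" * 32), issued_at=1_000_000, max_lifetime=3600)

PEER = "peer@example.net"      # constructed identifiers
AUTH_A = "authenticator-a"
AUTH_B = "authenticator-b"


def demo() -> dict:
    """Exercise key scope and lifetime capping; returns the observations as a dict."""
    tsk_a = derive_child_key(MSK, "TSK", PEER, AUTH_A, now=1_000_000)
    tsk_b = derive_child_key(MSK, "TSK", PEER, AUTH_B, now=1_000_000)
    # Ten minutes before the MSK expires, ask for a day-long TSK: it gets clamped.
    tsk_late = derive_child_key(MSK, "TSK", PEER, AUTH_A, now=1_003_000, requested_lifetime=86400)
    try:
        derive_child_key(MSK, "TSK", PEER, AUTH_A, now=MSK.expires_at)
        expired_rejected = False
    except ValueError:
        expired_rejected = True
    return {
        "scoped_per_authenticator": tsk_a.material != tsk_b.material,
        "deterministic": tsk_a.material
                         == derive_child_key(MSK, "TSK", PEER, AUTH_A, now=1_000_000).material,
        "late_lifetime": tsk_late.max_lifetime,
        "child_expires_with_parent": tsk_late.expires_at == MSK.expires_at,
        "expired_parent_rejected": expired_rejected,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The scope property is what a key cache relies on: a cached TSK derived for authenticator-a is useless at authenticator-b because the identity was part of the derivation, which is the binding the quoted step [g] is meant to provide, and it only holds if the identities the two sides fed in were actually exchanged and verified. The lifetime cap is a local check each derivation makes against the parent's expiry, so a child requested late in the parent's life simply receives the shorter remainder.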