Looks OK to me.

Hope this helps.

~gwz

> -----Original Message-----
> From: ietf-bounces@xxxxxxxx [mailto:ietf-bounces@xxxxxxxx] On Behalf Of
> Yaron Sheffer
> Sent: Wednesday, November 17, 2010 6:14 PM
> To: ietf@xxxxxxxx
> Subject: Re: Problem with draft-sheffer-emu-eap-eke
>
> Expanding on my previous response, I suggest to resolve Bernard's
> concern by adding the following text:
>
> 5.6 EAP Key Generation
>
> EAP-EKE can be used for EAP key generation, as defined by [RFC 5247].
> When used in this manner, the values required to establish the key
> hierarchy are defined as follows:
>
> - Peer-Id is the EAP-EKE ID_P value.
> - Server-Id is the EAP-EKE ID_S value.
> - Session-Id is the concatenated Type | Nonce_P | Nonce_S, where Type is
>   the method type defined for EAP-EKE in [Sec. 4.1], a single octet.
>
> Thanks,
> Yaron
>
> On 11/16/2010 05:49 PM, Yaron Sheffer wrote:
> > Hi Bernard,
> >
> > Thanks for reviewing our document.
> >
> > In fact both ID_S and ID_P are authenticated in EAP-EKE, not just
> > asserted, so they can be used as RFC 5247 identities. See for example
> > http://tools.ietf.org/html/draft-sheffer-emu-eap-eke-09#section-5.1.
> >
> > A more detailed response will follow once we've hashed out the details
> > of Session-ID.
> >
> > Thanks,
> > Yaron
> >
> >> Date: Mon, 15 Nov 2010 20:43:46 -0800
> >> From: Bernard Aboba<bernard_aboba@xxxxxxxxxxx>
> >> Subject: Problem with draft-sheffer-emu-eap-eke
> >> To:<iesg@xxxxxxxx>,<ietf@xxxxxxxx>
> >> Message-ID:<BLU104-W201F08439317108F9749193370@xxxxxxx>
> >> Content-Type: text/plain; charset="iso-8859-1"
> >>
> >>
> >> I just took a look at the EAP EKE document recently approved by the
> >> IESG for publication as an Informational RFC:
> >> http://tools.ietf.org/html/draft-sheffer-emu-eap-eke-09
> >>
> >> The document does not define the following parameters required by RFC
> >> 5247:
> >>
> >> 1. Peer-Id
> >> 2. Server-Id
> >> 3. Session-Id
> >>
> >> In particular, the omission of the Session-Id is a significant
> >> problem, since this is required for EAP methods
> >> to be usable within IEEE 802.1X-2010.
> >>
> >> My suggestion is that ID_P be designated as the Peer-Id. Since the
> >> Server identity is not authenticated (just asserted), it is not clear
> >> to me whether ID_S is suitable for use as the Server-Id.
> >>
> >> My suggestion is that the Session-Id be defined as follows:
> >> Session-Id = Type-Code || Nonce_P || Nonce_S
> >>
> >>
> _______________________________________________
> Ietf mailing list
> Ietf@xxxxxxxx
> https://www.ietf.org/mailman/listinfo/ietf