Bernard,

Yes, thank you very much for catching this.  I agree that a key
label is needed for PANA_AUTH_KEY and this can be fixed in AUTH48.

I am trying to explain a bit more.  draft-ohba-pana-pemk-01.txt
defines PEMK (PaC-EP-Master Key) to bootstrap lower-layer specific
master key for each lower-layer in a media-independent way:

MSK---+----PANA_AUTH_KEY
      |
      +----PEMK----+----- PEMK for IKE (draft-ietf-pana-ipsec)
                   |
                   +----- PEMK for IEEE 802 family technologies
                   |
                   +----- PEMK for other technologies

Using different key labels for PANA_AUTH_KEY and PEMK will guarantee
the uniqueness of the keys under MSK branch, i.e.,

PANA_AUTH_KEY = prf+(MSK, "IETF PANA", I_PAR|I_PAN|PaC_nonce|PAA_nonce|Key_ID)

PEMK = prf+(MSK, "PaC-EP master key" | SID | KID | EPDID)

Regards,
Yoshihiro Ohba


On Fri, Nov 16, 2007 at 06:44:51AM -0800, [EMAIL PROTECTED] wrote:
> I mentioned that I found an errata in the PANA draft. 
> 
> The formula given for the PANA_AUTH_KEY is: 
> 
>   PANA_AUTH_KEY = prf+(MSK, I_PAR|I_PAN|PaC_nonce|PAA_nonce|Key_ID)
> 
> This formula is missing a key label, such as "IETF PANA".  Other users
> of the MSK, such as IEEE 802.11, 802.11r, IEEE 802.1af, include 
> labels when deriving keys from the MSK, in order to guarantee uniqueness 
> of key branches. 
> 
> Perhaps this could be fixed in AUTH48? 

_______________________________________________
Pana mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/pana
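
The effect of the key label discussed in this thread, as an added example that is not part of the original e-mails. It assumes prf+ is the IKEv2 construction with HMAC-SHA1 as the prf and that the label is prepended to the derivation input; the MSK, the field values and the `derive` and `branch_keys` helpers are constructed for illustration.

```python
import hashlib
import hmac

def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """IKEv2-style prf+: T1 = prf(K, S|0x01), Tn = prf(K, T(n-1)|S|n)."""
    if length > 255 * hashlib.sha1().digest_size:
        raise ValueError("prf+ is limited to 255 output blocks")
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(key, block + seed + bytes([counter]), hashlib.sha1).digest()
        out += block
        counter += 1
    return out[:length]

def derive(msk: bytes, label: bytes, fields: list, length: int = 20) -> bytes:
    """Derive one branch key; the label is prepended to the concatenated fields."""
    return prf_plus(msk, label + b"".join(fields), length)

# Constructed sample values, not taken from any real session.
MSK = bytes(range(64))
# Stand-ins for I_PAR | I_PAN | PaC_nonce | PAA_nonce | Key_ID
PANA_FIELDS = [b"PAR-msg", b"PAN-msg", b"\x11" * 16, b"\x22" * 16, b"\x00\x00\x00\x01"]
# Hypothetical SID | KID | EPDID whose concatenation equals the PANA input bytes.
_joined = b"".join(PANA_FIELDS)
PEMK_FIELDS = [_joined[:4], _joined[4:8], _joined[8:]]

def branch_keys(labelled: bool):
    """Return (PANA_AUTH_KEY, PEMK) derived with or without key labels."""
    pana_label = b"IETF PANA" if labelled else b""
    pemk_label = b"PaC-EP master key" if labelled else b""
    return (derive(MSK, pana_label, PANA_FIELDS),
            derive(MSK, pemk_label, PEMK_FIELDS))

if __name__ == "__main__":
    for labelled in (False, True):
        auth_key, pemk = branch_keys(labelled)
        print("labels   " if labelled else "no labels",
              auth_key.hex(), pemk.hex(),
              "COLLISION" if auth_key == pemk else "distinct")
```

Without labels the two branches produce the same key whenever their input bytes coincide; with the labels from the thread the branches stay distinct for the same inputs.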
