OK, thank you.

Yoshihiro Ohba

On Sat, Nov 17, 2007 at 09:43:57PM -0800, [EMAIL PROTECTED] wrote:
> Yes. To ensure uniqueness, you might want to start each label with "IETF
> PANA".
>
> So it could be "IETF PANA AUTH_KEY", "IETF PANA PEMK", etc.
>
> --------------------------------------------------
> From: "Yoshihiro Ohba" <[EMAIL PROTECTED]>
> Sent: Saturday, November 17, 2007 6:31 PM
> To: <[EMAIL PROTECTED]>
> Cc: <[email protected]>
> Subject: Re: PANA document errata
>
> >Bernard,
> >
> >Yes, thank you very much for catching up this. I agree that a key
> >label is needed for PANA_AUTH_KEY and this can be fixed in AUTH48.
> >
> >I am trying to explain a bit more. draft-ohba-pana-pemk-01.txt
> >defines PEMK (PaC-EP-Master Key) to bootstrap lower-layer specific
> >master key for each lower-layer in a media-independent way:
> >
> >MSK---+----PANA_AUTH_KEY
> >      |
> >      +----PEMK----+----- PEMK for IKE (draft-ietf-pana-ipsec)
> >                   |
> >                   +----- PEMK for IEEE 802 family technologies
> >                   |
> >                   +----- PEMK for other technologies
> >
> >Using different key labels for PANA_AUTH_KEY and PEMK will guarantee
> >the uniqueness of the keys under MSK branch, i.e.,
> >
> >PANA_AUTH_KEY = prf+(MSK, "IETF PANA",
> >I_PAR|I_PAN|PaC_nonce|PAA_nonce|Key_ID)
> >
> >PEMK = prf+(MSK, "PaC-EP master key" | SID | KID | EPDID)
> >
> >Regards,
> >Yoshihiro Ohba
> >
> >
> >On Fri, Nov 16, 2007 at 06:44:51AM -0800, [EMAIL PROTECTED] wrote:
> >>I mentioned that I found an errata in the PANA draft.
> >>
> >>The formula given for the PANA_AUTH_KEY is:
> >>
> >>  PANA_AUTH_KEY = prf+(MSK, I_PAR|I_PAN|PaC_nonce|PAA_nonce|Key_ID)
> >>
> >>This formula is missing a key label, such as "IETF PANA". Other users
> >>of the MSK, such as IEEE 802.11, 802.11r, IEEE 802.1af, include
> >>labels when deriving keys from the MSK, in order to guarantee uniqueness
> >>of key branches.
> >>
> >>Perhaps this could be fixed in AUTH48?

_______________________________________________
Pana mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/pana
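
The label-based branch separation discussed in this thread, as an added example that is not part of the original messages or of any PANA draft. It assumes prf+ is the IKEv2-style iterated construction over HMAC-SHA1, that the label is concatenated directly in front of the other inputs, and a 64-octet output; the MSK and context bytes are constructed sample values, and prefix_clashes is a hypothetical helper.

```python
import hashlib
import hmac

def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """IKEv2-style prf+ over HMAC-SHA1: T1 = prf(K, S|0x01), Tn = prf(K, T(n-1)|S|n)."""
    if length > 255 * hashlib.sha1().digest_size:
        raise ValueError("prf+ counter is one octet: at most 255 blocks")
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(key, block + seed + bytes([counter]), hashlib.sha1).digest()
        out += block
        counter += 1
    return out[:length]

def derive(msk: bytes, label: bytes, context: bytes, length: int = 64) -> bytes:
    """Derive one key branch from the MSK (label | context is an assumed encoding)."""
    return prf_plus(msk, label + context, length)

def prefix_clashes(labels):
    """Pairs where one label is a prefix of another; with plain concatenation
    such pairs can still yield identical prf+ input for different branches."""
    return [(a, b) for a in labels for b in labels if a != b and b.startswith(a)]

# Constructed sample values, not taken from any real PANA session.
MSK = bytes(range(64))
CONTEXT = b"\x11" * 16 + b"\x22" * 16 + b"\x00\x00\x00\x01"  # stand-in for nonces | Key_ID

def demo() -> dict:
    # Without a label, two MSK users feeding the same bytes get the same key.
    pana_unlabeled = derive(MSK, b"", CONTEXT)
    other_unlabeled = derive(MSK, b"", CONTEXT)
    # With the labels proposed in the thread, the branches separate.
    auth_key = derive(MSK, b"IETF PANA AUTH_KEY", CONTEXT)
    pemk = derive(MSK, b"IETF PANA PEMK", CONTEXT)
    return {
        "unlabeled_collide": pana_unlabeled == other_unlabeled,
        "labeled_distinct": auth_key != pemk and auth_key != pana_unlabeled,
        "clashes": prefix_clashes([b"IETF PANA AUTH_KEY", b"IETF PANA PEMK"]),
    }

if __name__ == "__main__":
    print(demo())
```
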
