On Dec 15, 2017, at 9:05 AM, Jouni Malinen <j...@w1.fi> wrote:
>
> It looks like EAP Session-Id derivation has not been defined for
> EAP-SIM, EAP-AKA, and EAP-AKA' when using the fast re-authentication
> exchange instead of full authentication. RFC 5247 defines Session-Id for
> these EAP methods, but that derivation is only applicable for the full
> authentication case.
>
> I filed an errata on RFC 4247 about a half a year ago, but have not
> received any kind of response to this so far:
> https://www.rfc-editor.org/errata_search.php?rfc=5247

I think EMU is the best place to discuss this. I don't think anyone had
opinions, TBH.

> Since it looks likely for the FILS authentication to get deployed in the
> near term and that needing Session-Id for ERP to work, it would be
> important to get this resolved with clearly defined and agreed
> derivation rules to allow fast re-authentication cases to be used to
> derive the ERP key hierarchy.

OK. That raises the priority of the problem.

> Would someone on this list have sufficient interest in reviewing the
> filed errata and/or suggest ways on how to get this moving ahead? I'm
> copy-pasting that errata information below for easier access for
> reviewing/commenting:

I'll give my $0.02. The authors of RFC 5247 may also have opinions.

> It should say:
>
> EAP-AKA
>
> EAP-AKA is defined in [RFC4187]. When using full authentication,
> the EAP-AKA Session-Id is the
> concatenation of the EAP Type Code (0x17) with the contents of the
> RAND field from the AT_RAND attribute, followed by the contents of
> the AUTN field in the AT_AUTN attribute:
>
> Session-Id = 0x17 || RAND || AUTN
>
> When using fast re-authentication, the EAP-AKA Session-Id is the
> concatenation of the EAP Type Code (0x17) with the contents of the
> NONCE_S field from the AT_NONCE_S attribute, followed by the
> contents of the MAC field from the AT_MAC attribute from
> EAP-Request/AKA-Reauthentication:
>
> Session-Id = 0x17 || NONCE_S || MAC

The one question here is whether or not this definition is new, or is
taken from an existing reference?

> Notes:
>
> RFC 5247 was supposed to define exported parameters for existing EAP
> methods in Appendix A. The way Session-Id was defined for EAP-AKA and
> EAP-SIM works only for the full authentication case, i.e., it cannot be
> used when the optional fast re-authentication case is used since the
> used parameters (RAND, AUTN, NONCE_MT) are not used in the fast
> re-authentication case. Based on RFC 4187 chapter 5.2 (and the similar
> chapter in RFC 4186), NONCE_S corresponds to RAND and MAC in
> EAP-Request/AKA-Reauthentication corresponds to AUTN. That would seem to
> imply that the Session-Id could be defined using NONCE_S and MAC instead
> of RAND and AUTN/NONCE_MT.

Hmm... so it's a new definition. That's an issue. I don't think we can
define new specifications in an errata. The ADs may disagree, of course.

> The corrected text in this errata shows the changes for EAP-AKA. Similar
> changes should be done for EAP-SIM (replace RAND || NONCE_MT with
> NONCE_S || MAC for fast re-authentication).
>
> It should be noted that the EAP-AKA' (RFC 5448) specification did not follow
> the MUST requirement in RFC 5247, i.e., it did not define Session-Id
> derivation. That could be done in an update of RFC 5247 with a clone of
> the EAP-AKA design.

I would suggest filing a separate errata for RFC 5448. Please reference
the one for RFC 5247.

> In addition, RFC 5247 did not define a Session-Id definition for PEAP and
> there does not seem to exist any IETF RFC with such a definition. That
> could also be included in the RFC 5247 update and done similarly to EAP-TLS
> (Session-Id = EAP type || client.random || server.random).

That makes sense.

> It would be good to have a clear IETF reference for these details since
> EAP Session-Id is needed for ERP (RFC 6696) and that is now seeing
> additional implementation and deployment interest as a component of FILS
> authentication (IEEE 802.11ai). The same definition of EAP Session-Id is
> needed to make FILS shared key authentication implementations
> interoperable.

My $0.02 is to publish an individual draft. It should update the
previous RFCs, and just define the missing pieces. That way the issue
gets fixed in something other than errata, without re-publishing all of
the EAP type definitions.

Since there's no more EMU WG, this document can't be processed through a
WG. But the discussion should still be on this list. I think also that
it could be sponsored by an AD, and could be published quickly.

To summarize:

- the errata should probably be held for a document update
- a similar errata should be filed for 5448
- a new document should define the session IDs
- hopefully only a 3-4 page document with boilerplate..

Alan DeKok.

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
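The derivation rules the thread is arguing about, worked through in code. This is an added example and not part of the message above, of any RFC, or of hostapd/wpa_supplicant: it parses the EAP-SIM/AKA attribute encoding from RFC 4186/4187 (attribute type and EAP method type numbers are the registered ones), applies the RFC 5247 Appendix A rule for full authentication, the errata-proposed Type || NONCE_S || MAC rule for fast re-authentication, and the EAP-TLS-shaped rule the thread proposes for PEAP. The packets and the 16-octet values are constructed for the demo; the re-authentication case assumes the caller has already decrypted AT_ENCR_DATA (where AT_NONCE_S actually lives) with K_encr, since that decryption is out of scope here. Treating EAP-AKA' like EAP-AKA follows the thread's "clone of the EAP-AKA design" suggestion, not any published rule.

```python
import struct

# EAP method type codes (IANA EAP registry)
EAP_TYPE_SIM, EAP_TYPE_AKA, EAP_TYPE_PEAP, EAP_TYPE_AKA_PRIME = 0x12, 0x17, 0x19, 0x32

# EAP-SIM / EAP-AKA attribute types (RFC 4186, RFC 4187)
AT_RAND, AT_AUTN, AT_NONCE_MT, AT_MAC, AT_NONCE_S, AT_ENCR_DATA = 1, 2, 7, 11, 21, 130
SUBTYPE_AKA_CHALLENGE, SUBTYPE_REAUTHENTICATION = 1, 13


def parse_attributes(data: bytes) -> dict:
    """Parse an EAP-SIM/AKA attribute list: Type(1) | Length(1, in 4-octet
    units including the header) | value.  Works for the outer packet and for
    the decrypted contents of AT_ENCR_DATA, which is itself an attribute list."""
    attrs, off = {}, 0
    while off < len(data):
        if len(data) - off < 4:
            raise ValueError("truncated attribute")
        atype, alen = data[off], data[off + 1] * 4
        if alen < 4 or off + alen > len(data):
            raise ValueError(f"bad length for attribute {atype}")
        attrs[atype] = data[off + 2:off + alen]
        off += alen
    return attrs


def parse_eap_sim_aka(packet: bytes):
    """Split an EAP packet into (eap_type, subtype, attrs).  Header layout:
    Code(1) Identifier(1) Length(2) Type(1) Subtype(1) Reserved(2)."""
    if len(packet) < 8:
        raise ValueError("packet too short")
    _code, _ident, length, eap_type, subtype, _res = struct.unpack("!BBHBBH", packet[:8])
    if length != len(packet):
        raise ValueError("EAP Length field does not match packet size")
    if eap_type not in (EAP_TYPE_SIM, EAP_TYPE_AKA, EAP_TYPE_AKA_PRIME):
        raise ValueError("not an EAP-SIM/AKA/AKA' packet")
    return eap_type, subtype, parse_attributes(packet[8:])


def fixed16(attrs: dict, atype: int) -> bytes:
    """AT_RAND (AKA), AT_AUTN, AT_NONCE_MT, AT_NONCE_S and AT_MAC carry two
    reserved octets followed by a 16-octet value; strip the reserved octets."""
    v = attrs[atype]
    if len(v) != 18:
        raise ValueError(f"attribute {atype}: expected a 16-octet value")
    return v[2:]


def session_id_aka_full(eap_type: int, rand: bytes, autn: bytes) -> bytes:
    """RFC 5247 Appendix A, full authentication: Type || RAND || AUTN.
    Accepting EAP-AKA' here is the thread's 'clone the EAP-AKA design' idea."""
    if eap_type not in (EAP_TYPE_AKA, EAP_TYPE_AKA_PRIME) or len(rand) != 16 or len(autn) != 16:
        raise ValueError("bad EAP-AKA inputs")
    return bytes([eap_type]) + rand + autn


def session_id_sim_full(rand: bytes, nonce_mt: bytes) -> bytes:
    """RFC 5247 Appendix A, EAP-SIM full authentication: 0x12 || RAND || NONCE_MT,
    where RAND is the concatenation of all n RANDs (n = 2 or 3, 16 octets each)."""
    if len(rand) not in (32, 48) or len(nonce_mt) != 16:
        raise ValueError("bad EAP-SIM inputs")
    return bytes([EAP_TYPE_SIM]) + rand + nonce_mt


def session_id_reauth(eap_type: int, nonce_s: bytes, mac: bytes) -> bytes:
    """Errata-proposed rule for fast re-authentication: Type || NONCE_S || MAC,
    MAC being the AT_MAC value of EAP-Request/{SIM,AKA}-Reauthentication."""
    if eap_type not in (EAP_TYPE_SIM, EAP_TYPE_AKA, EAP_TYPE_AKA_PRIME) \
            or len(nonce_s) != 16 or len(mac) != 16:
        raise ValueError("bad re-authentication inputs")
    return bytes([eap_type]) + nonce_s + mac


def session_id_tls_style(eap_type: int, client_random: bytes, server_random: bytes) -> bytes:
    """EAP-TLS-shaped rule the thread proposes for PEAP:
    Type || client.random || server.random (TLS randoms are 32 octets)."""
    if len(client_random) != 32 or len(server_random) != 32:
        raise ValueError("TLS randoms are 32 octets")
    return bytes([eap_type]) + client_random + server_random


# --- constructed packets for the demo (not captured traffic) ----------------
def _attr(atype: int, value: bytes) -> bytes:
    if (len(value) + 2) % 4:
        raise ValueError("attribute must be a multiple of 4 octets")
    return bytes([atype, (len(value) + 2) // 4]) + value


def _eap_request(eap_type: int, subtype: int, attrs: bytes, ident: int = 1) -> bytes:
    body = struct.pack("!BBH", eap_type, subtype, 0) + attrs
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body   # Code 1 = Request


RAND, AUTN = bytes(range(16)), bytes(range(16, 32))
NONCE_S, MAC = bytes(range(32, 48)), bytes(range(48, 64))
CHALLENGE = _eap_request(EAP_TYPE_AKA, SUBTYPE_AKA_CHALLENGE,
                         _attr(AT_RAND, b"\0\0" + RAND) + _attr(AT_AUTN, b"\0\0" + AUTN)
                         + _attr(AT_MAC, b"\0\0" + bytes(16)))
# Assumed already decrypted plaintext of AT_ENCR_DATA from the reauth request.
REAUTH_PLAINTEXT = _attr(AT_NONCE_S, b"\0\0" + NONCE_S)
REAUTH = _eap_request(EAP_TYPE_AKA, SUBTYPE_REAUTHENTICATION, _attr(AT_MAC, b"\0\0" + MAC))


def demo():
    """Derive both Session-Ids from the constructed packets; returns (full, reauth)."""
    t, _st, a = parse_eap_sim_aka(CHALLENGE)
    full = session_id_aka_full(t, fixed16(a, AT_RAND), fixed16(a, AT_AUTN))
    t, _st, outer = parse_eap_sim_aka(REAUTH)
    inner = parse_attributes(REAUTH_PLAINTEXT)
    reauth = session_id_reauth(t, fixed16(inner, AT_NONCE_S), fixed16(outer, AT_MAC))
    return full, reauth


if __name__ == "__main__":
    for name, sid in zip(("full", "reauth"), demo()):
        print(name, sid.hex())
```

Both Session-Ids come out at 33 octets for EAP-AKA (1 + 16 + 16), which is what an ERP (RFC 6696) implementation consumes when it derives rRK; the point of the thread is that without the re-authentication rule, the two ends of a FILS exchange that used fast re-authentication have no agreed input for that step.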