Hi,

RFC 8446 defines the TLS-Exporter interface as:

   TLS-Exporter(label, context_value, key_length)

draft-ietf-emu-eap-tls13 is using the exporter interface without context:

   Key_Material = TLS-Exporter("EXPORTER_EAP_TLS_Key_Material", "", 128)
   IV           = TLS-Exporter("EXPORTER_EAP_TLS_IV", "", 64)
   Method-Id    = TLS-Exporter("EXPORTER_EAP_TLS_Method-Id", "", 64)
   Session-Id   = 0x0D || Method-Id

The working group never really discussed the context_value parameter. So just to bring up the question: Is there any information from the EAP-Requests and EAP-Responses that should (and could) be included in the context_value to ensure that the EAP Peer and EAP Server agree that they have gotten the same information? E.g. from these messages:

   EAP Peer                                    EAP Server

                                            EAP-Request/
                                 <--------  Identity

   EAP-Response/
   Identity (Anonymous NAI)      -------->

                                            EAP-Request/
                                            EAP-Type=EAP-TLS
                                 <--------  (TLS Start)

RFC 5216 does not include any such information in the key derivation, but as the group has agreed to modify the key derivation mechanism for EAP-TLS 1.3, it would be relatively easy to add context information if that is believed to increase current or future security.

Cheers,
John

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
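The derivation discussed in the message above, as an added example that is not part of the original post or of the EMU draft itself: a self-contained implementation of the RFC 8446 exporter (Derive-Secret and HKDF-Expand-Label over HKDF-Expand) producing Key_Material, IV, Method-Id and Session-Id with the draft's labels and lengths, plus a second run with a non-empty context_value to show what the question in the post amounts to at the byte level. The exporter_master_secret is a constructed placeholder rather than the output of a real handshake, the cipher suite hash is assumed to be SHA-256, and the `eap_tls13_keys` helper and its optional `context_value` argument are this example's own names, not identifiers from the draft.

```python
"""RFC 8446 TLS-Exporter applied to the draft-ietf-emu-eap-tls13 key derivation.

Added example, not code from the draft or the original post. The secret below is
a constructed placeholder; in practice it is the exporter_master_secret of the
completed TLS 1.3 handshake. Assumes a SHA-256 cipher suite.
"""
import hashlib
import hmac

HASH = hashlib.sha256           # assumption: SHA-256 based cipher suite
HASH_LEN = HASH().digest_size   # 32 bytes


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand with HMAC-SHA256."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """RFC 8446 section 7.1 HKDF-Expand-Label.

    HkdfLabel = uint16 length || opaque label<7..255> ("tls13 " + Label)
                || opaque context<0..255>
    """
    full_label = b"tls13 " + label
    hkdf_label = (length.to_bytes(2, "big")
                  + bytes([len(full_label)]) + full_label
                  + bytes([len(context)]) + context)
    return hkdf_expand(secret, hkdf_label, length)


def derive_secret(secret: bytes, label: bytes, messages: bytes) -> bytes:
    """RFC 8446 section 7.1 Derive-Secret; Transcript-Hash of the messages."""
    return hkdf_expand_label(secret, label, HASH(messages).digest(), HASH_LEN)


def tls_exporter(exporter_master_secret: bytes, label: bytes,
                 context_value: bytes, key_length: int) -> bytes:
    """RFC 8446 section 7.5 TLS-Exporter(label, context_value, key_length).

    Note that context_value is hashed, so an empty context ("" in the draft)
    still contributes Hash("") to the label; it is not simply omitted.
    """
    derived = derive_secret(exporter_master_secret, label, b"")
    return hkdf_expand_label(derived, b"exporter", HASH(context_value).digest(), key_length)


def eap_tls13_keys(exporter_master_secret: bytes, context_value: bytes = b"") -> dict:
    """Key derivation as written in draft-ietf-emu-eap-tls13 (context_value = "").

    The context_value parameter is this example's own addition: passing e.g. the
    EAP-Response/Identity payload here is what binding EAP messages into the
    derivation, as asked in the post, would look like.
    """
    key_material = tls_exporter(exporter_master_secret,
                                b"EXPORTER_EAP_TLS_Key_Material", context_value, 128)
    iv = tls_exporter(exporter_master_secret, b"EXPORTER_EAP_TLS_IV", context_value, 64)
    method_id = tls_exporter(exporter_master_secret,
                             b"EXPORTER_EAP_TLS_Method-Id", context_value, 64)
    return {
        "Key_Material": key_material,
        "IV": iv,
        "Method-Id": method_id,
        "Session-Id": b"\x0d" + method_id,   # 0x0D = EAP-TLS type code
    }


# Constructed placeholder secret (32 bytes, matching HASH_LEN); not a real handshake value.
EXPORTER_MASTER_SECRET = bytes(range(32))
# Constructed anonymous NAI as it might appear in EAP-Response/Identity.
ANONYMOUS_NAI = b"@example.com"

if __name__ == "__main__":
    plain = eap_tls13_keys(EXPORTER_MASTER_SECRET)
    bound = eap_tls13_keys(EXPORTER_MASTER_SECRET, ANONYMOUS_NAI)
    print("Session-Id (draft, no context):", plain["Session-Id"].hex())
    print("Session-Id (identity bound)   :", bound["Session-Id"].hex())
```

If the peer and server disagree on what was sent in the identity exchange, the second variant yields different Method-Id and Session-Id values on the two sides, so the mismatch becomes visible as a key derivation failure rather than going unnoticed; with the draft's empty context both sides derive identical keys regardless.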