On Mon, Oct 26, 2020 at 1:25 AM Oleg Pekar <oleg.pekar.2...@gmail.com>
wrote:

> It should say:
>>
>>     S-IMCK[j] = first 40 octets of IMCK[j]
>>     CMK[j] = last 20 octets of IMCK[j]
>> where TLS-PRF is the PRF negotiated as part of TLS handshake [RFC5246].
>> If no inner EAP method has been run the S-IMCK and CMK are generated as
>> above from S-IMCK[0].
>
>
> Joe, for me these still don't sound like exact enough instructions. We should
> explain how to generate S-IMCK and CMK for the no-inner-method case in more
> detail.
>
>
[Joe] Good catch, S-IMCK[0] is only 40 octets. Looking at this I think
it makes more sense to change

If the ith inner method does not generate an EMSK or MSK, then IMSKi
   is set to zero (e.g., MSKi = 32 octets of 0x00s).


To:

If the jth inner method does not generate an EMSK or MSK, or no inner
   method has been run then IMSK[j] is set to zero (32 octets of 0x00s).




> The Crypto-Binding TLV MUST be exchanged and verified before the
>>  final Result TLV exchange, regardless of whether there is an inner
>>  EAP method authentication or not.
>
> This still remains an open question whether we MUST send Crypto-Binding
> TLV after Basic-Password-Authentication exchange or not. Is
> Basic-Password-Authentication treated just as a case of no inner EAP
> authentication method? It is also discussed in the errata 5844 thread.
>

[Joe] I don't think so, but let's discuss on the 5844 thread.


> Regarding introduction of Zero-MSK flag in Crypto-Binding TLV - do you
> think it is unnecessary? So if one peer doesn't export a specific inner
> method MSK and EMSK and uses Zero-MSK and another peer expects MSK or EMSK
> - then the Crypto-Binding TLV exchange will fail naturally. Maybe it's
> worth saying exactly that if the inner method exports MSK or EMSK then each
> peer MUST use it and not Zero-MSK.
>

[Joe] It doesn't seem to me that the Zero-MSK flag is necessary, I'd
rather not add new signals if we do not need them now. If a method
generates an MSK then I think it must be used. We can add a sentence
saying that to the above revision.

 If the jth inner method does not generate an EMSK or MSK, or no inner
 method has been run then IMSK[j] is set to zero (32 octets of 0x00s).

 If a method generates an MSK or EMSK the zero IMSK MUST NOT be used.
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
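
An added example, not part of the original thread or of any TEAP implementation: a sketch of the derivation discussed above, showing the zero IMSK[j] rule, the 40/20 octet split of IMCK[j], and why a peer that substitutes the zero IMSK for an exported key ends up with a different CMK. It assumes a SHA-256 based TLS 1.2 PRF, the label string from RFC 7170 section 5.2, and IMSK[j] alone as the PRF seed; the function names and sample key values are hypothetical.

```python
import hashlib
import hmac

ZERO_IMSK = bytes(32)  # "32 octets of 0x00s", as proposed in the thread
# Assumption: PRF label taken from RFC 7170 section 5.2, not from this thread.
LABEL = b"Inner Methods Compound Keys"


def tls12_prf_sha256(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """RFC 5246 section 5 PRF: P_SHA256(secret, label + seed), truncated."""
    seed = label + seed
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def select_imsk(inner_key):
    """Pass None when no inner method ran or it exported neither MSK nor EMSK."""
    if inner_key is None:
        return ZERO_IMSK
    if len(inner_key) != 32:
        raise ValueError("IMSK[j] must be 32 octets")
    return inner_key  # a method that exports a key MUST NOT fall back to zero


def next_keys(s_imck_prev, inner_key):
    """Return (S-IMCK[j], CMK[j]) derived from S-IMCK[j-1] and IMSK[j]."""
    if len(s_imck_prev) != 40:
        raise ValueError("S-IMCK[j-1] must be 40 octets")
    imck = tls12_prf_sha256(s_imck_prev, LABEL, select_imsk(inner_key), 60)
    return imck[:40], imck[40:]  # first 40 octets, last 20 octets


# Constructed sample values, not real key material.
S_IMCK_0 = bytes(range(40))
INNER_KEY = bytes([0xA5]) * 32


def demo():
    server = next_keys(S_IMCK_0, INNER_KEY)  # uses the exported key
    peer = next_keys(S_IMCK_0, None)         # wrongly treats it as absent
    return server[1] == peer[1]              # False: Crypto-Binding would fail
```
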
