Hi Malisa: (Changing the subject to "EAP clarifications" since this thread is about EAP only)
> On 5 Nov 2015, at 16:19, Malisa Vucinic <[email protected]> wrote:
>
>> On 05 Nov 2015, at 14:01, Rafa Marin Lopez <[email protected]> wrote:
>>
>> What I meant is that for security reasons we will have to refresh the keying
>> material. For example, EAP Key Management Framework recommends 8 hours as
>> default lifetime (this might be modified in this type of networks). Thus, I
>> do not think the source code will be used only once.
>
> Ok, I see what you mean. So, yes, if we go for the EAP approach, we would be
> using it for rekeying as well. The problem I have there is that we will in
> any case need to use DTLS, and even maybe the object security mechanism ACE
> comes up with for application session security so I don’t think this would be
> optimal from code point of view.

Precisely the key material after the EAP authentication is useful to bootstrap key material for either DTLS or any object security mechanism.

>>>> EAP-AKA has two messages + EAP Success : EAP-Req/AKA (4 bytes header EAP +
>>>> 1 the type) + EAP-Resp/AKA (4 bytes header EAP +1 the type) + EAP
>>>> success(4 bytes) = 14 overhead with respect to running "AKA" without EAP.
>>>
>>> Ok thanks. So, am I right if I say that this will trigger 3 additional
>>> frames at L2 with additional CoAP / UDP-6LoWPAN-IPv6 / 15.4 overhead?
>>
>> Not sure about what you mean with 3 "additional" frames at L2. Additional to
>> what else? You also mention additional CoAP/UDP...? Are you assuming
>> CoAP-EAP?
>
> I was referring to the 14-byte overhead you referenced above in case we use
> CoAP for EAP transport. Is my understanding wrong?

The 14-byte overhead is the EAP overhead (EAP header and type) in a particular EAP method, as in the case of EAP-AKA. My point is that the important part is the KMP in the EAP method and not EAP itself. Thus, the KMP used in the EAP method needs to be reduced. But EAP allows selecting a suitable EAP method for these cases.

Best Regards.
> _______________________________________________
> 6tisch mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/6tisch

-------------------------------------------------------
Rafael Marin Lopez, PhD
Dept. Information and Communications Engineering (DIIC)
Faculty of Computer Science-University of Murcia
30100 Murcia - Spain
Telf: +34868888501 Fax: +34868884151 e-mail: [email protected]
-------------------------------------------------------
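
The framing count discussed in this thread, as an added example that is not part of the original messages: a minimal EAP packet builder and parser (header layout per RFC 3748) that totals the header and Type bytes of a Request/Response/Success exchange. The function names are hypothetical, the payload sizes are constructed placeholders, and everything after the Type byte is treated as opaque method data.

```python
import struct

EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_TYPE_AKA = 23  # EAP method type assigned to EAP-AKA

def build_eap(code, identifier, eap_type=None, method_data=b""):
    """Serialize an EAP packet: Code(1) Identifier(1) Length(2) [Type(1) data]."""
    body = b"" if eap_type is None else bytes([eap_type]) + method_data
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body

def parse_eap(packet):
    """Return (code, identifier, eap_type, method_data); reject malformed lengths."""
    if len(packet) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError("Length field does not match the packet")
    body = packet[4:length]  # bytes past Length are lower-layer padding
    if code in (EAP_SUCCESS, EAP_FAILURE):
        if body:
            raise ValueError("Success/Failure carry no data")
        return code, identifier, None, b""
    if code not in (EAP_REQUEST, EAP_RESPONSE) or not body:
        raise ValueError("unknown code or missing Type field")
    return code, identifier, body[0], body[1:]

def framing_overhead(packets):
    """Bytes of EAP header and Type across an exchange, excluding method data."""
    total = 0
    for p in packets:
        _, _, _, data = parse_eap(p)
        total += struct.unpack("!H", p[2:4])[0] - len(data)
    return total

# Constructed exchange; the method payloads are placeholder bytes, not real AKA attributes.
EXCHANGE = [
    build_eap(EAP_REQUEST, 1, EAP_TYPE_AKA, b"\x00" * 40),
    build_eap(EAP_RESPONSE, 1, EAP_TYPE_AKA, b"\x00" * 28),
    build_eap(EAP_SUCCESS, 1),
]

if __name__ == "__main__":
    print(framing_overhead(EXCHANGE))
```

The total is independent of the payload sizes, which is the point made in the reply: the bytes that scale are those of the key management protocol carried inside the method, not the EAP framing.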
