Re: [Emu] I-D Action:draft-ietf-emu-eap-gpsk-07.txt

Tue, 04 Dec 2007 13:46:08 -0800 

Jouni,

Thanks for your comments.  They have been addressed in v08.

http://www.ietf.org/internet-drafts/draft-ietf-emu-eap-gpsk-08.txt

--
t. charles clancy, ph.d.                 eng.umd.edu/~tcc
electrical & computer engineering, university of maryland


Jouni Malinen wrote:

On Mon, Nov 19, 2007 at 03:50:02AM -0500, [EMAIL PROTECTED] wrote:


        Title           : EAP Generalized Pre-Shared Key (EAP-GPSK)
        Filename        : draft-ietf-emu-eap-gpsk-07.txt


Minor editorial comments:

It looks like the general description of MK derivation in '4. Key
Derivation' was not updated to match with the ciphersuite specific
changes in 7.1.3 and 7.2.3.

The following lines:
   o  inputString = RAND_Peer || ID_Peer || RAND_Server || ID_Server
   o  zero = 0x00 || 0x00 || ... || 0x00 (KS times)

   o  MK = KDF-KS(zero, PL || PSK || CSuite_Sel || inputString)[0..KS-1]

would need to be changed to:
   o  inputString = RAND_Peer || ID_Peer || RAND_Server || ID_Server

   o  MK = KDF-KS(PSK[0..KS-1], PL || PSK || CSuite_Sel || inputString)[0..KS-1]




7.1.3 and 7.2.3:

   MK = GKDF-16 (PSK[0..127], PL || PSK || CSuite_Sel || inputString)
   MK = GKDF-32 (PSK[0..255], PL || PSK || CSuite_Sel || inputString)

The 0..127 and 0..255 are clearly usings bits, but these should be bytes
to be consistent with the 0..KS-1 style used elsewhere, i.e., these
lines should be

   MK = GKDF-16 (PSK[0..15], PL || PSK || CSuite_Sel || inputString)
   MK = GKDF-32 (PSK[0..31], PL || PSK || CSuite_Sel || inputString)


Now that definition of 'zero' was removed from MK derivation, Method-ID
derivation is using implicitly defined 'zero'. Even though it is
relatively obvious what length will be used here, it would be better to
state this explicitly:

Add following line to 7.1.3 before Method-ID derivation:
zero = 0x00 || 0x00 || ... || 0x00 (16 times)

Add following line to 7.2.3 before Method-ID derivation:
zero = 0x00 || 0x00 || ... || 0x00 (32 times)


Especially the ciphersuite 2 case would benefit from explicit statement
since HMAC-SHA256 could use any key length. I don't see any particular
need for this to be 32 octets, but that would be consistent with other
uses of GKDF and anyway, this matches with the KS-octet 'zero' used in
Ch. 4.




_______________________________________________
Emu mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/emu

Reply via email to