#23: Tunnel Protection requirements

> Section 4.2.1.1.2
>
> "See Part 1 of the NIST Recommendation for
> Key Management [NIST SP 800-57] for a discussion of the relative
> strengths of common algorithms."
>
> Why not reference the NIST SP 800-120 requirements here?
>
> "o One-way key derivation
> o Cryptographically separated keys.
> o Cryptographically separated entities.
> o Identity binding
> o Context binding
> o Key lifetime
> o Mutual implicit key authentication
> o Key freshness"
>
> Given that this document assumes a TLS-based tunnel method,
> the text on requirements can be made considerably more
> specific and actionable based on TLS properties and the
> specific requirements of NIST 800-120.
> As it stands, a number of these requirements either don't
> apply to EAP methods at all (e.g. context binding, key
> lifetime) but rather to other elements of the system, or are
> automatically provided by TLS (e.g. key freshness, Identity
> binding).
>
> So these requirements need to be made actionable and
> specific. The ones that don't apply to the problem at hand
> (e.g. TLS-based tunnel auth) should be removed.
>

--
Ticket URL: <http://trac.tools.ietf.org/wg/emu/trac/ticket/23>
emu <http://tools.ietf.org/wg/emu/>
