draft-ietf-hokey-reauth-ps-06.txt   draft-ietf-hokey-reauth-ps-07.txt 
HOKEY Working Group T. Clancy, Editor HOKEY Working Group T. Clancy
Internet-Draft LTS Internet-Draft LTS
Intended status: Informational November 6, 2007 Intended status: Informational M. Nakhjiri
Expires: May 9, 2008 Expires: May 13, 2008 Motorola
V. Narayanan
L. Dondeti
Qualcomm
November 10, 2007
Handover Key Management and Re-authentication Problem Statement Handover Key Management and Re-authentication Problem Statement
draft-ietf-hokey-reauth-ps-06 draft-ietf-hokey-reauth-ps-07
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 34 skipping to change at page 1, line 38
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on May 9, 2008. This Internet-Draft will expire on May 13, 2008.
Copyright Notice Copyright Notice
Copyright (C) The IETF Trust (2007). Copyright (C) The IETF Trust (2007).
Abstract Abstract
This document describes the Handover Keying (HOKEY) problem This document describes the Handover Keying (HOKEY) problem
statement. The current Extensible Authentication Protocol (EAP) statement. The current Extensible Authentication Protocol (EAP)
keying framework is not designed to support re-authentication and keying framework is not designed to support re-authentication and
skipping to change at page 2, line 26 skipping to change at page 2, line 29
5.5. Channel Binding . . . . . . . . . . . . . . . . . . . . . 7 5.5. Channel Binding . . . . . . . . . . . . . . . . . . . . . 7
5.6. Transport Aspects . . . . . . . . . . . . . . . . . . . . 7 5.6. Transport Aspects . . . . . . . . . . . . . . . . . . . . 7
6. Use Cases and Related Work . . . . . . . . . . . . . . . . . . 8 6. Use Cases and Related Work . . . . . . . . . . . . . . . . . . 8
6.1. IEEE 802.11r Applicability . . . . . . . . . . . . . . . . 8 6.1. IEEE 802.11r Applicability . . . . . . . . . . . . . . . . 8
6.2. IEEE 802.21 Applicability . . . . . . . . . . . . . . . . 8 6.2. IEEE 802.21 Applicability . . . . . . . . . . . . . . . . 8
6.3. CAPWAP Applicability . . . . . . . . . . . . . . . . . . . 9 6.3. CAPWAP Applicability . . . . . . . . . . . . . . . . . . . 9
6.4. Inter-Technology Handover . . . . . . . . . . . . . . . . 9 6.4. Inter-Technology Handover . . . . . . . . . . . . . . . . 9
7. Security Considerations . . . . . . . . . . . . . . . . . . . 9 7. Security Considerations . . . . . . . . . . . . . . . . . . . 9
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10
9. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 10 9. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 10
10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 11 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 10
10.1. Normative References . . . . . . . . . . . . . . . . . . . 11 10.1. Normative References . . . . . . . . . . . . . . . . . . . 10
10.2. Informative References . . . . . . . . . . . . . . . . . . 11 10.2. Informative References . . . . . . . . . . . . . . . . . . 11
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 11 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 11
Intellectual Property and Copyright Statements . . . . . . . . . . 13 Intellectual Property and Copyright Statements . . . . . . . . . . 13
1. Introduction 1. Introduction
The Extensible Authentication Protocol (EAP), specified in RFC 3748 The Extensible Authentication Protocol (EAP), specified in RFC 3748
[RFC3748] is a generic framework supporting multiple authentication [RFC3748] is a generic framework supporting multiple authentication
methods. The primary purpose of EAP is network access control. It methods. The primary purpose of EAP is network access control. It
also supports exporting session keys derived during the also supports exporting session keys derived during the
authentication. The EAP keying hierarchy defines two keys that are authentication. The EAP keying hierarchy defines two keys that are
derived at the top level, the Master Session Key (MSK) and the derived at the top level, the Master Session Key (MSK) and the
skipping to change at page 9, line 9 skipping to change at page 9, line 9
are looking at transitions from one link-layer protocol to another, are looking at transitions from one link-layer protocol to another,
which is currently beyond the scope of the HOKEY charter. which is currently beyond the scope of the HOKEY charter.
The techniques developed within HOKEY could be applicable to IEEE The techniques developed within HOKEY could be applicable to IEEE
802.21 if the necessary issues with handover between different lower 802.21 if the necessary issues with handover between different lower
layers can be resolved. In particular, pre-authentication may be layers can be resolved. In particular, pre-authentication may be
more appropriate than re-authentication. more appropriate than re-authentication.
6.3. CAPWAP Applicability 6.3. CAPWAP Applicability
The IETF CAPWAP WG [RFC3990] is developing a protocol between what is The IETF CAPWAP Working Group [RFC3990] is developing a protocol
termed an Access Controller (AC) and Wireless Termination Points between what is termed an Access Controller (AC) and Wireless
(WTP). The AC and WTP can be mapped to a WLAN switch and Access Termination Points (WTP). The AC and WTP can be mapped to a WLAN
Point respectively. The CAPWAP model supports both split and switch and Access Point respectively. The CAPWAP model supports both
integrated MAC architectures, with the authenticator always being split and integrated MAC architectures, with the authenticator always
implemented at the AC. being implemented at the AC.
The proposed work on EAP efficient re-authentication protocol The proposed work on EAP efficient re-authentication protocol
addresses an inter-authenticator handover problem from an EAP addresses an inter-authenticator handover problem from an EAP
perspective, which applies during handover between ACs. Inter- perspective, which applies during handover between ACs. Inter-
controller handover is a topic yet to be addressed in great detail controller handover is a topic yet to be addressed in great detail
and the re-authentication work can potentially address it in an and the re-authentication work can potentially address it in an
effective manner. effective manner.
6.4. Inter-Technology Handover 6.4. Inter-Technology Handover
skipping to change at page 10, line 12 skipping to change at page 10, line 12
resistance to attacks based on the domino effect; and authentication resistance to attacks based on the domino effect; and authentication
and authorization. See section Section 5 for further details. and authorization. See section Section 5 for further details.
8. IANA Considerations 8. IANA Considerations
This document does not introduce any new IANA considerations. This document does not introduce any new IANA considerations.
9. Contributors 9. Contributors
This document represents the synthesis of two problem statement This document represents the synthesis of two problem statement
documents. In this section, we acknowledge their contributions. documents. In this section, we acknowledge their contributions, and
involvement in the early documents.
Authors of "AAA based Keying for Wireless Handovers: Problem
Statement" are:
Madjid Nakhjiri
Motorola Labs
Email: madjid.nakhjiri@motorola.com
Mohan Parthasarathy Mohan Parthasarathy
Nokia Nokia
Email: mohan.parthasarathy@nokia.com Email: mohan.parthasarathy@nokia.com
Julien Bournelle Julien Bournelle
France Telecom R&D France Telecom R&D
Email: julien.bournelle@orange-ftgroup.com Email: julien.bournelle@orange-ftgroup.com
Hannes Tschofenig Hannes Tschofenig
Siemens Siemens
Email: Hannes.Tschofenig@siemens.com Email: Hannes.Tschofenig@siemens.com
Rafael Marin Lopez, Editor Rafael Marin Lopez
Universidad de Murcia Universidad de Murcia
Email: rafa@dif.um.es Email: rafa@dif.um.es
Authors of "Problem Statement on EAP Efficient Re-authentication and
Key Management" are:
Vidya Narayanan
QUALCOMM, Inc.
Email: vidyan@qualcomm.com
Lakshminath Dondeti
QUALCOMM, Inc.
Email: ldondeti@qualcomm.com
10. References 10. References
10.1. Normative References 10.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3748] Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., and H. [RFC3748] Aboba, B., Blunk, L., Vollbrecht, J., Carlson, J., and H.
Levkowetz, "Extensible Authentication Protocol (EAP)", Levkowetz, "Extensible Authentication Protocol (EAP)",
RFC 3748, June 2004. RFC 3748, June 2004.
skipping to change at page 12, line 5 skipping to change at page 11, line 32
information exchange between systems - Local and information exchange between systems - Local and
metropolitan area networks - Specific requirements - Part metropolitan area networks - Specific requirements - Part
11: Wireless LAN Medium Access Control (MAC) and Physical 11: Wireless LAN Medium Access Control (MAC) and Physical
Layer (PHY) specifications - Amendment 2: Fast BSS Layer (PHY) specifications - Amendment 2: Fast BSS
Transition", IEEE Standard 802.11r, June 2007. Transition", IEEE Standard 802.11r, June 2007.
[IEEE.802-21] [IEEE.802-21]
"Media Independent Handover Working Group", IEEE Working "Media Independent Handover Working Group", IEEE Working
Group 802.21. Group 802.21.
Author's Address Authors' Addresses
T. Charles Clancy, Editor T. Charles Clancy, Editor
DoD Laboratory for Telecommunications Sciences Laboratory for Telecommunications Sciences
8080 Greenmead Drive US Department of Defense
College Park, MD 20740 College Park, MD
USA USA
Email: clancy@LTSnet.net Email: clancy@LTSnet.net
Madjid Nakhjiri
Motorola
Email: madjid.nakhjiri@motorola.com
Vidya Narayanan
Qualcomm, Inc.
San Diego, CA
USA
Email: vidyan@qualcomm.com
Lakshminath Dondeti
Qualcomm, Inc.
San Diego, CA
USA
Email: ldondeti@qualcomm.com
Full Copyright Statement Full Copyright Statement
Copyright (C) The IETF Trust (2007). Copyright (C) The IETF Trust (2007).
This document is subject to the rights, licenses and restrictions This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors contained in BCP 78, and except as set forth therein, the authors
retain all their rights. retain all their rights.
This document and the information contained herein are provided on an This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
 End of changes. 13 change blocks. 
38 lines changed or deleted 43 lines changed or added

This html diff was produced by rfcdiff 1.34. The latest version is available from http://tools.ietf.org/tools/rfcdiff/