
draft-ohba-pana-pemk-02

draft-ohba-pana-pemk-02. Basavaraj Patil (on behalf of Yoshihiro Ohba). What is defined. This document defines a master key used between PaC (PANA Client) and EP (Enforcement Point) for bootstrapping lower-layer ciphering. The master key: PEMK (PaC-EP Master Key). Lower-layer ciphering


Presentation Transcript


  1. draft-ohba-pana-pemk-02
     Basavaraj Patil (on behalf of Yoshihiro Ohba)
     IETF73 PANA WG

  2. What is defined
     • This document defines a master key used between PaC (PANA Client) and EP (Enforcement Point) for bootstrapping lower-layer ciphering
     • The master key: PEMK (PaC-EP Master Key)
     • Lower-layer ciphering
        • L3 ciphering - IPsec
        • L2 ciphering - 802.11, etc.

  3. PEMK Derivation
     • PEMK (64-octet) = prf+(MSK, "IETF PEMK" | SID | KID | EPID)
        • MSK: EAP Master Session Key
        • SID: four-octet PANA session identifier
        • KID: the content of the PANA Key-ID AVP associated with the MSK
        • EPID: the identifier of the EP
           • The first two octets represent the AddressType, which contains an Address Family defined in [IANAADFAM]. The remaining octets encode the address value. The length of the address value is determined by the AddressType.
           • The AddressType is used to discriminate the content and format of the remaining octets for the address value.
     • The use of address family and address value in EPID guarantees the cryptographic independence of PEMKs among multiple EPs across multiple lower-layer protocols
     • How a PaC configures the EPID of an EP is out of scope

  4. Key Name, Scope, Context and Lifetime
     • Key Name
        • PEMKname = MD5(EPID | SID | KID)
     • Key Scope: Between PaC and EP
     • Key Context: A PEMK is used as the pre-shared key of the secure association protocol in the scope of the PEMK. A PEMK MUST NOT be used for any other usage
     • Key Lifetime: The lifetime of a PEMK MUST be no greater than the lifetime of the MSK

  5. Changes from -01
     • Added Key Name definition
     • Updated references
     • Removed reference to draft-ietf-hokey-key-mgm for distribution of PEMK from PAA to EP
        • Reason: The hokey-key-mgm I-D only supports HOKEY key distribution and cannot be used for PEMK distribution

  6. Possible Next Steps
     • Accept this draft as a WG document
     • Revise draft-ietf-pana-ipsec to use the PEMK as the IKE Pre-shared Key

  7. Thanks
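
The derivation and key name from slides 3 and 4, as an added Python sketch (not code from the draft or its authors). It assumes prf+ is the IKEv2 construction with HMAC-SHA1 as the PRF, a big-endian four-octet SID, and a four-octet KID; the MSK, SID, KID and addresses are constructed sample values.

```python
import hashlib
import hmac
import ipaddress
import struct

# IANA Address Family Numbers, used as the two-octet AddressType of an EPID.
AF_IPV4, AF_IPV6 = 1, 2


def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """Assumed IKEv2-style prf+: T1 = prf(K, S|0x01), Tn = prf(K, Tn-1|S|n)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        if counter > 255:
            raise ValueError("prf+ output limit exceeded")
        # Assumption: HMAC-SHA1 is the PRF; the slides do not name one.
        block = hmac.new(key, block + seed + bytes([counter]), hashlib.sha1).digest()
        out += block
        counter += 1
    return out[:length]


def encode_epid(address: str) -> bytes:
    """EPID = two-octet AddressType followed by the address value."""
    ip = ipaddress.ip_address(address)
    family = AF_IPV4 if ip.version == 4 else AF_IPV6
    return struct.pack("!H", family) + ip.packed


def derive_pemk(msk: bytes, sid: int, kid: bytes, epid: bytes) -> bytes:
    """PEMK (64 octets) = prf+(MSK, "IETF PEMK" | SID | KID | EPID)."""
    seed = b"IETF PEMK" + struct.pack("!I", sid) + kid + epid
    return prf_plus(msk, seed, 64)


def pemk_name(epid: bytes, sid: int, kid: bytes) -> bytes:
    """PEMKname = MD5(EPID | SID | KID)."""
    return hashlib.md5(epid + struct.pack("!I", sid) + kid).digest()


if __name__ == "__main__":
    # Constructed sample values, not taken from the draft.
    msk = bytes(range(64))
    sid, kid = 0x0A0B0C0D, struct.pack("!I", 1)
    for addr in ("192.0.2.1", "2001:db8::1"):
        epid = encode_epid(addr)
        print(addr, pemk_name(epid, sid, kid).hex(), derive_pemk(msk, sid, kid, epid).hex())
```

Because the AddressType and address value are both part of the seed, the same MSK yields unrelated PEMKs for the IPv4 and IPv6 EPs, which is the independence property slide 3 describes.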
