Proposed PRF Text Changes
Jesse Walker, Intel Corporation
Proposed PRF

PRF-AES(Key, AuthenticatorMAC, SupplicantMAC, Label, Nonce, Length)
    R ← ""
    iterations ← (Length+15)/16
    for i ← 1 to iterations do
        R ← R | AES-CBC-MAC(Key, AuthenticatorMAC | SupplicantMAC | i | Label | Nonce | Length)
    return Substring(R, 0, Length)
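
The loop above as runnable Go, added here as an illustration and not taken from the slides or from doc 02-795r2. The slide does not give field encodings or a padding rule, so this sketch assumes Length counts octets, i and Length are 2-byte big-endian integers, and the CBC-MAC input is zero-padded with a zero IV; the key, MAC addresses, label and nonce in main are constructed sample values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"errors"
	"fmt"
)

// cbcMAC: AES-CBC with a zero IV over msg, keeping only the last block.
// Assumption: msg is zero-padded to 16 bytes (the slide gives no padding rule).
func cbcMAC(key, msg []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	buf := make([]byte, (len(msg)+15)/16*16)
	copy(buf, msg)
	cipher.NewCBCEncrypter(block, make([]byte, 16)).CryptBlocks(buf, buf)
	return buf[len(buf)-16:], nil
}

// PRFAES follows the slide's loop. Assumptions: Length counts octets, and
// i and Length are each encoded as 2-byte big-endian integers.
func PRFAES(key, authMAC, suppMAC, label, nonce []byte, length int) ([]byte, error) {
	if length < 0 || length > 0xFFFF {
		return nil, errors.New("length out of range for 2-byte encoding")
	}
	var r []byte
	for i := 1; i <= (length+15)/16; i++ {
		in := append([]byte{}, authMAC...)
		in = append(in, suppMAC...)
		in = append(in, byte(i>>8), byte(i))
		in = append(in, label...)
		in = append(in, nonce...)
		in = append(in, byte(length>>8), byte(length))
		tag, err := cbcMAC(key, in)
		if err != nil {
			return nil, err
		}
		r = append(r, tag...)
	}
	return r[:length], nil
}

func main() {
	key := make([]byte, 16) // constructed all-zero test key, not a real PMK
	out, _ := PRFAES(key, []byte{2, 0, 0, 0, 0, 1}, []byte{2, 0, 0, 0, 0, 2},
		[]byte("label"), make([]byte, 32), 40)
	fmt.Printf("%x\n", out)
}
```

Because Length is part of every MAC input, asking for a different Length changes every output block, so a shorter output is not a prefix of a longer one.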
Discussion
• Neither current PRF nor proposed PRF conforms to draft NIST SP 800-56
• Current PRF does not exploit full entropy of PMK, but proposed PRF does
• Current PRF subject to prefix attacks, but proposed PRF is not
Motions
• Instruct the editor to replace the text of Clause 8.5.1.1 with text from doc 02-795r2
• Instruct the 802.11 Chair to submit the following comment to NIST comments list kmscomments@nist.gov by April 3: “IEEE 802.11 would like NIST to allow AES-CBC-MAC to be used in approved KDF functions as an alternative to a one-way hash function in Clause 5.3 of draft SP 800-56.”