Errata 5775: https://www.rfc-editor.org/errata/eid5775
Proposed Status: Verified
Revision:
Section 5.2 Says:
S-IMCK[j] = first 40 octets of IMCK[j]
CMK[j] = last 20 octets of IMCK[j]
where TLS-PRF is the PRF negotiated as part of TLS handshake [RFC5246].
It Should say:
S-IMCK[j] = first 40 octets of IMCK[j]
CMK[j] = last 20 octets of IMCK[j]
where TLS-PRF is the PRF negotiated as part of TLS handshake [RFC5246].
If no inner EAP method has been run the S-IMCK and CMK are generated as
above from S-IMCK[0].
Section 4.2.13 Says:
The Crypto-Binding TLV MUST be exchanged and verified before the
final Result TLV exchange, regardless of whether there is an inner
EAP method authentication or not. It MUST be included with the
Intermediate-Result TLV to perform cryptographic binding after each
successful EAP method in a sequence of EAP methods, before proceeding
with another inner EAP method. The Crypto-Binding TLV is valid only
if the following checks pass:
It should say:
The Crypto-Binding TLV MUST be exchanged and verified before the
final Result TLV exchange, regardless of whether there is an inner
EAP method authentication or not. If an inner EAP method is not
executed with successful authentication then the EMSK Compound MAC
field contains the MAC using keys generated according to section 5.2.
It MUST be included with the Intermediate-Result TLV to perform
cryptographic binding after each successful EAP method in a sequence
of EAP methods, before proceeding with another inner EAP method. The
Crypto-Binding TLV is valid only if the following checks pass:
Notes:
How to calculate the CMK and other keys when no inner method was run was
unspecified. This revision specifies that the CMK is generated from
S-IMCK[0] and the MAC goes into the EMSK field.
_______________________________________________
Emu mailing list
https://www.ietf.org/mailman/listinfo/emu