7/13/06 Handover Keying Reqs, IETF 66 Montreal
7/13/06 1
Handover Keying Reqs
IETF 66 Montreal
7/13/06 2
Problem scope requirements (1)
• MUST support multiple access technologies
• MUST not require full EAP re-authentication within same AAA domain
– Handover (inter and intra ADC)
– Authorization Session Expiry
• MUST support deployments with disjoint AN and ADC
– Distinct AN-ID and ADC-ID
– Distinct per AN and per ADC keys (derivation and transport)
– Channel binding for each key
• MUST be EAP-method independent in all aspects
7/13/06 3
Hierarchy Requirement (2)
• MUST determine whether to use MSK or USRK (from EMSK)
– If USRK, then SHOULD develop spec USRK for handover (HRK)
• MUST define key derivation/management at each level (i.e. at AAA server, at ADC level, at AN)
– If outside IETF scope (MN-AN): Should define requirement/guidance/parameters specifications (e.g. for channel binding, scoping, caching life time)
7/13/06 4
Signaling requirements
• MUST define key transport/management requirements.
– SHOULD define key transport signaling protocols
• MUST investigate delay performance optimization alternatives
– SHOULD support proactive and reactive signaling (pre and post HO)
7/13/06 5
Key Scope requirements
Hierarchy level i=HLi (root key: i=0)
• MUST define key life/scope for keys at any HLi.
– Should define life time relationships between HLi and HLi+1
• Compromise of an HLi+1 key MUST not lead to compromise of keys at HLi at the same or other entities
• Compromise of an HLi key MUST not lead to compromise of keys at the same level (HLi) at other entities
• Compromise of an HLi key SHOULD not lead to compromise of HLi keys (same level) at same entity
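Added example (not from the slides or from any IETF specification): a three-level hierarchy illustrating the key separation asked for under "Key Scope requirements" and the distinct per-ADC and per-AN keys with channel binding from "Problem scope requirements (1)". HMAC-SHA256 as the KDF, the labels, the identifier strings and all function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

def kdf(parent_key: bytes, label: str, *bound_ids: str) -> bytes:
    """One-way child-key derivation: HMAC-SHA256 keyed with the parent key.

    Every field is length-prefixed so ("ab", "c") and ("a", "bc") cannot
    collide. Mixing the identifiers into the input is the channel binding.
    """
    msg = b""
    for field in (label, *bound_ids):
        data = field.encode()
        msg += len(data).to_bytes(2, "big") + data
    return hmac.new(parent_key, msg, hashlib.sha256).digest()

def derive_hierarchy(root_key: bytes, mn_id: str, topology: dict) -> dict:
    """Return {adc_id: {"key": HL1 key, "an": {an_id: HL2 key}}}.

    HL0 = root_key (never leaves the AAA server and the MN),
    HL1 = per-ADC key bound to ADC-ID, HL2 = per-AN key bound to AN-ID.
    A holder of an HL2 key cannot invert HMAC to reach HL1 or HL0, and
    sibling keys differ because their bound identifiers differ.
    """
    tree = {}
    for adc_id, an_ids in topology.items():
        adc_key = kdf(root_key, "per-ADC", mn_id, adc_id)
        tree[adc_id] = {
            "key": adc_key,
            "an": {an: kdf(adc_key, "per-AN", mn_id, adc_id, an)
                   for an in an_ids},
        }
    return tree

def handover_key(tree: dict, adc_id: str, an_id: str) -> bytes:
    """Key for the target AN, obtained without a new full EAP run."""
    return tree[adc_id]["an"][an_id]

# Constructed sample input: random root key and made-up identifiers.
ROOT = os.urandom(32)
TOPOLOGY = {"adc-1": ["an-1a", "an-1b"], "adc-2": ["an-2a"]}
TREE = derive_hierarchy(ROOT, "mn@example.net", TOPOLOGY)

if __name__ == "__main__":
    for adc, node in TREE.items():
        print(adc, node["key"].hex()[:16], sorted(node["an"]))
```

An ADC that holds only its own HL1 key can recompute the HL2 keys of its ANs, but not the keys of another ADC or the root.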