RFC Errata


RFC 5216, "The EAP-TLS Authentication Protocol", March 2008

Source of RFC: emu (sec)

Errata ID: 1392
Status: Rejected
Type: Technical
Publication Format(s): TEXT

Reported By: Alfred Hoenes
Date Reported: 2008-03-26
Rejected by: Pasi Eronen
Date Rejected: 2008-12-04

Section 2.3, pg. 19 says:

[lower part of Figure 2]

         |                       |                         |
         V                       V                         V
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                         |
   |                        MSK, EMSK                        |
   |               label == "client EAP encryption"          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |             |             |
     | MSK(0,31)   | MSK(32,63)  | EMSK(0,63)
     |             |             |
     |             |             |
     V             V             V

                     Figure 2 - EAP-TLS Key Hierarchy

It should say:

         |                       |                         |
         V                       V                         V
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                         |
   |                        MSK, EMSK                        |
   |               label == "client EAP encryption"          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |              |              |            |
|    | Enc-RECV-Key | Enc-SEND-Key | RECV-IV    | SEND-IV
|    |  =           |  =           |  =         |  =
|    | MSK(0,31)    | MSK(32,63)   | EMSK(0,31) | EMSK(32,63)
     |              |              |            |
     V              V              V            V

                     Figure 2 - EAP-TLS Key Hierarchy

Notes:

Rationale:

Figure 2 should be comparable to Figure 1, but it does not
show the final deliverables with their names as they appear
in the referenced documents.
Also, the figure is surprisingly unbalanced; it shows the split
of MSK, but it does not show the split of EMSK; I cannot detect
any reason for this difference.
The proposal above includes both these names and the technical
details of how these variables are derived from MSK and EMSK,
according to the formulae given near the bottom of page 18.

To avoid these technical details and better align the abstraction
level in the presentation with Figure 1, alternatively the second
and the third tagged line above (those with "=" and MSK/EMSK)
could be left off.

--VERIFIER NOTES--

The updated figure is wrong -- RECV-IV/SEND-IV are not derived from EMSK.
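
The derivation behind the verifier note, as an added example (not part of the erratum or of the RFC text): RFC 5216 Section 2.3 takes MSK and EMSK from a 128-octet PRF output under the label shown in Figure 2, and takes the IV from a separate 64-octet PRF output under an empty label, so RECV-IV/SEND-IV are slices of IV, not of EMSK. Assumptions: the TLS 1.2 PRF (P_SHA256, RFC 5246) stands in for the negotiated TLS PRF, the function names are hypothetical, and the secret and randoms are constructed sample values.

```python
import hashlib
import hmac

LABEL = b"client EAP encryption"  # label shown in Figure 2


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash expansion from TLS 1.2 (RFC 5246, Section 5) with HMAC-SHA256."""
    out, a = b"", seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def tls_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_SHA256(secret, label || seed)."""
    return p_sha256(secret, label + seed, length)


def eap_tls_keys(master_secret: bytes, client_random: bytes,
                 server_random: bytes) -> dict:
    """Key hierarchy of RFC 5216 Section 2.3 (hypothetical helper name)."""
    seed = client_random + server_random
    key_material = tls_prf(master_secret, LABEL, seed, 128)  # TLS-PRF-128
    iv = tls_prf(master_secret, b"", seed, 64)  # TLS-PRF-64, empty label
    msk, emsk = key_material[:64], key_material[64:]
    return {
        "MSK": msk, "EMSK": emsk, "IV": iv,
        "Enc-RECV-Key": msk[:32],   # MSK(0,31)
        "Enc-SEND-Key": msk[32:],   # MSK(32,63)
        "RECV-IV": iv[:32],         # IV(0,31), not EMSK(0,31)
        "SEND-IV": iv[32:],         # IV(32,63), not EMSK(32,63)
    }


# Constructed sample inputs, not taken from any real handshake.
MASTER_SECRET = bytes(range(48))
CLIENT_RANDOM = b"\x01" * 32
SERVER_RANDOM = b"\x02" * 32

if __name__ == "__main__":
    keys = eap_tls_keys(MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM)
    for name in ("Enc-RECV-Key", "Enc-SEND-Key", "RECV-IV", "SEND-IV"):
        print(f"{name:13s} {keys[name].hex()}")
    print("RECV-IV equals EMSK(0,31):", keys["RECV-IV"] == keys["EMSK"][:32])
```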
