RFC Errata
RFC 8110, "Opportunistic Wireless Encryption", March 2017
Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec
Errata ID: 6182
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: Jouni Malinen
Date Reported: 2020-05-19
Section 4.2 says:
+----------+--------+-------------------+-------------+-------------+
| OUI      | Suite  | Authentication    | Key         | Key         |
|          | Type   | Type              | Management  | derivation  |
|          |        |                   | Type        | type        |
+----------+--------+-------------------+-------------+-------------+
| 00-0F-AC | 18     | Opportunistic     | This        | [RFC5869]   |
|          |        | Wireless          | document    |             |
|          |        | Encryption        |             |             |
+----------+--------+-------------------+-------------+-------------+

                         Table 1: OWE AKM
It should say:
+----------+-------+------------------+-------------+---------------+
| OUI      | Suite | Authentication   | Key         | Key           |
|          | Type  | Type             | Management  | derivation    |
|          |       |                  | Type        | type          |
+----------+-------+------------------+-------------+---------------+
| 00-0F-AC | 18    | Opportunistic    | This        | [IEEE802.11], |
|          |       | Wireless         | document    | 12.7.1.7.2    |
|          |       | Encryption       |             |               |
+----------+-------+------------------+-------------+---------------+

                         Table 1: OWE AKM
Notes:
The combination of IEEE Std 802.11-2016 and IETF RFC 8110 leaves it
somewhat vague how the PTK is to be derived from the PMK when using OWE.
IEEE 802.11 performs PTK derivation as part of the 4-way handshake using
a KDF with the following parameters: KDF-Hash-Length(K, Label, Context).
RFC 5869 defines HKDF with HKDF-Extract(salt, IKM) -> PRK,
HKDF-Expand(PRK, info, L) -> OKM. It is not clear what would be "salt"
and "info" for these functions without mapping from the IEEE 802.11
terms (e.g., those "Label" and "Context"). Such mapping is missing from
RFC 8110.
Either the additional needed details for PTK derivation would need to be
provided for the OWE AKM or the IEEE 802.11 KDF would need to be used
instead of HKDF for the PTK derivation part (while other key derivations
for OWE could continue to use HKDF since they are fully defined in the
RFC).
Since there are already deployed OWE implementations that use the IEEE
802.11 KDF for this, this errata entry is suggesting a change to address
the alternative that matches such implementations.
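The following is an added example, not part of the erratum, RFC 8110, IEEE 802.11 or any deployed implementation. It implements both functions the erratum contrasts: the IEEE 802.11 KDF-Hash-Length (the 12.7.1.7.2 reference the erratum cites) and HKDF-Extract/HKDF-Expand from RFC 5869, and applies each to PTK derivation from a PMK. It assumes SHA-256 as the hash, a 384-bit PTK (KCK || KEK || TK, as for CCMP-128), and constructed sample PMK, address and nonce values. The two HKDF "mappings" are hypothetical choices of salt and info that an implementer could make in the absence of the mapping the erratum says is missing; they are there to show that without that mapping two conforming-looking implementations derive different PTKs, and that neither agrees with the IEEE 802.11 KDF.

```python
# Added example: IEEE 802.11 KDF vs RFC 5869 HKDF for OWE PTK derivation.
# Assumptions (not from the RFC or the erratum): SHA-256, 384-bit PTK, and the
# constructed sample inputs below. The HKDF mappings are hypothetical guesses.
import hashlib
import hmac
import struct


def ieee80211_kdf(key: bytes, label: bytes, context: bytes, length_bits: int,
                  hash_name: str = "sha256") -> bytes:
    """KDF-Hash-Length(K, Label, Context) as IEEE 802.11 defines it.

    Concatenates HMAC-Hash(K, i || Label || Context || Length) for i = 1, 2, ...
    with i and Length as 16-bit little-endian integers, truncated to Length bits.
    """
    hash_bits = hashlib.new(hash_name).digest_size * 8
    iterations = (length_bits + hash_bits - 1) // hash_bits
    out = b""
    for i in range(1, iterations + 1):
        data = struct.pack("<H", i) + label + context + struct.pack("<H", length_bits)
        out += hmac.new(key, data, hash_name).digest()
    return out[: length_bits // 8]


def hkdf_extract(salt: bytes, ikm: bytes, hash_name: str = "sha256") -> bytes:
    """HKDF-Extract(salt, IKM) -> PRK (RFC 5869); empty salt means HashLen zero bytes."""
    if not salt:
        salt = b"\x00" * hashlib.new(hash_name).digest_size
    return hmac.new(salt, ikm, hash_name).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int, hash_name: str = "sha256") -> bytes:
    """HKDF-Expand(PRK, info, L) -> OKM (RFC 5869): T(i) = HMAC(PRK, T(i-1) || info || i)."""
    hash_len = hashlib.new(hash_name).digest_size
    if length > 255 * hash_len:
        raise ValueError("HKDF-Expand: L exceeds 255 * HashLen")
    okm, t, counter = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), hash_name).digest()
        okm += t
        counter += 1
    return okm[:length]


PTK_LABEL = b"Pairwise key expansion"  # the Label IEEE 802.11 uses for PTK derivation


def ptk_context(aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """Min(AA,SPA) || Max(AA,SPA) || Min(ANonce,SNonce) || Max(ANonce,SNonce).

    Lexicographic comparison of equal-length bytes matches the unsigned-integer
    ordering IEEE 802.11 specifies, so AP and STA compute the same Context.
    """
    return min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)


def ptk_ieee80211(pmk, aa, spa, anonce, snonce, ptk_bits=384):
    """PTK as IEEE 802.11 derives it (the reading the erratum proposes)."""
    return ieee80211_kdf(pmk, PTK_LABEL, ptk_context(aa, spa, anonce, snonce), ptk_bits)


def ptk_hkdf_guess_a(pmk, aa, spa, anonce, snonce, ptk_bits=384):
    """Hypothetical HKDF mapping A: salt empty, IKM = PMK, info = Label || Context."""
    prk = hkdf_extract(b"", pmk)
    return hkdf_expand(prk, PTK_LABEL + ptk_context(aa, spa, anonce, snonce), ptk_bits // 8)


def ptk_hkdf_guess_b(pmk, aa, spa, anonce, snonce, ptk_bits=384):
    """Hypothetical HKDF mapping B: salt = Context, IKM = PMK, info = Label."""
    prk = hkdf_extract(ptk_context(aa, spa, anonce, snonce), pmk)
    return hkdf_expand(prk, PTK_LABEL, ptk_bits // 8)


# Constructed sample inputs (not captured traffic): PMK, AP/STA addresses, nonces.
SAMPLE_PMK = hashlib.sha256(b"constructed OWE PMK for the example").digest()
SAMPLE_AA = bytes.fromhex("020000000001")
SAMPLE_SPA = bytes.fromhex("020000000002")
SAMPLE_ANONCE = hashlib.sha256(b"anonce").digest()
SAMPLE_SNONCE = hashlib.sha256(b"snonce").digest()


def derive_all(pmk=SAMPLE_PMK, aa=SAMPLE_AA, spa=SAMPLE_SPA,
               anonce=SAMPLE_ANONCE, snonce=SAMPLE_SNONCE) -> dict:
    """Return the three candidate PTKs so the divergence is visible side by side."""
    return {
        "ieee80211_kdf": ptk_ieee80211(pmk, aa, spa, anonce, snonce),
        "hkdf_guess_a": ptk_hkdf_guess_a(pmk, aa, spa, anonce, snonce),
        "hkdf_guess_b": ptk_hkdf_guess_b(pmk, aa, spa, anonce, snonce),
    }


if __name__ == "__main__":
    for name, ptk in derive_all().items():
        print(f"{name:14s} KCK={ptk[:16].hex()} KEK={ptk[16:32].hex()} TK={ptk[32:].hex()}")
```

Running the block prints three different KCK/KEK/TK triples from the same PMK, addresses and nonces. An AP using one mapping and a STA using another would fail the 4-way handshake MIC check even though both hold the correct PMK, which is the interoperability problem the erratum is addressing by pointing PTK derivation at the IEEE 802.11 KDF that deployed implementations already use.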