RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 8110, "Opportunistic Wireless Encryption", March 2017

Source of RFC: IETF - NON WORKING GROUP

Errata ID: 6182
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Jouni Malinen
Date Reported: 2020-05-19

Section 4.2 says:

   +----------+--------+-------------------+-------------+-------------+
   |   OUI    | Suite  |   Authentication  |     Key     |     Key     |
   |          |  Type  |        Type       |  Management |  derivation |
   |          |        |                   |     Type    |     type    |
   +----------+--------+-------------------+-------------+-------------+
   | 00-0F-AC |   18   |   Opportunistic   |     This    |  [RFC5869]  |
   |          |        |      Wireless     |   document  |             |
   |          |        |     Encryption    |             |             |
   +----------+--------+-------------------+-------------+-------------+

                             Table 1: OWE AKM

It should say:

   +----------+-------+------------------+-------------+---------------+
   |   OUI    | Suite |  Authentication  |     Key     |      Key      |
   |          |  Type |       Type       |  Management |   derivation  |
   |          |       |                  |     Type    |      type     |
   +----------+-------+------------------+-------------+---------------+
   | 00-0F-AC |   18  |  Opportunistic   |     This    | [IEEE802.11], |
   |          |       |     Wireless     |   document  | 12.7.1.7.2    |
   |          |       |    Encryption    |             |               |
   +----------+-------+------------------+-------------+---------------+

                             Table 1: OWE AKM

Notes:

The combination of IEEE Std 802.11-2016 and IETF RFC 8110 leaves it
somewhat vague how the PTK is to be derived from the PMK when using OWE.

IEEE 802.11 performs PTK derivation as part of the 4-way handshake using
a KDF with following parameters: KDF-Hash-Length(K, Label, Context).

RFC 5869 defines HKDF with HKDF-Extract(salt, IKM) -> PRK,
HKDF-Expand(PRK, info, L) -> OKM. It is not clear what would be "salt"
and "info" for these functions without mapping from the IEEE 802.11
terms (e.g., those "Label" and "Context"). Such mapping is missing from
RFC 8110.

Either the additional needed details for PTK derivation would need to be
provided for the OWE AKM or the IEEE 802.11 KDF would need to be used
instead of HKDF for the PTK derivation part (while other key derivations
for OWE could continue to use HKDF since they are fully defined in the
RFC).

Since there are already deployed OWE implementations that use the IEEE
802.11 KDF for this, this errata entry is suggesting a change to address
the alternative that matches such implementations.

Report New Errata