Summary of Updates to Abbreviated Handshake. Date: 2009-03-06. Abstract. This document summarizes the several changes to the Abbreviated Handshake specification Normative text in doc.:11-09/0266r0 and corresponding comment spreadsheet in doc.:11-09/0267r0
Summary of Updates to Abbreviated Handshake
Date: 2009-03-06
Meiyuan Zhao, Intel

Abstract
• This document summarizes the several changes to the Abbreviated Handshake specification
• Normative text in doc.:11-09/0266r0 and corresponding comment spreadsheet in doc.:11-09/0267r0
Note: adoption of 11-09/0266r0 depends on the adoption of Mesh Peering Instance Controller (11-09/0287r0)

Major Changes
• Moved AbbrHS FSM to SME (CIDs 190, 212)
• Update PMK selection procedure (CIDs 204, 226, 1254)
• Remove AKM suite selection and KDF selection (CIDs 193, 205)
• Resolve AbbrHS and PLM interaction (CIDs 187, 209)

Move AbbrHS to SME
• AbbrHS is for peering management and key management
• Peering Management Protocol now in SME
• Security associations are managed in SME
• Updates
  • Remove unnecessary MLME primitives
  • Update FSM specification accordingly
• CIDs: 190, 212

Update PMK Selection
• Reasons
  • MKD domains removed with MSA protocols
  • Each pair of mesh STAs should share at most one valid PMK
  • Text to be added to specify protocol interactions (SAE and AbbrHS) and PMKSA requirements
  • PMK selection using two lists is no longer a valid case
• Update
  • Single value confirmation using Peering Open and Peering Confirm
  • Update FSM specification accordingly (remove MESH_ALT_KEY status code)
• CIDs: 204, 226, 1254

Update AKM and KDF Selection
• Issues
  • AKM should include KDF
  • AKMP in fact is part of PMKSA
  • SAE should be updated to specify how to reach agreement on AKMP
  • Protocol interaction between SAE and AbbrHS should be updated accordingly
• Update
  • Remove AKM selection and KDF selection
  • Remove NOAKM_RJCT and NOKDF_RJCT events from FSM
• CIDs: 193, 205

Update AbbrHS and PLM Interaction
• Issue: Both protocols use Peering Management frames that cause ambiguity in protocol initiation
• Update
  • Add a new “Mesh Peering Protocol Version” information element in all Peering Management frames
  • Define two values: “Peering Management Protocol” and “Abbreviated Handshake Protocol”
• CIDs: 187, 209

Update FSM Specification
• Update
  • Remove CNF_ACPT event from CNF_RCVD state
  • Add OPN_ACPT event in OPN_RCVD state
  • PLM should be updated too
  • Remove NOAKM_RJCT and NOKDF_RJCT events
  • Update FSM to work with Mesh Peering Instance Controller
  • Remove LISTEN state
  • Remove NOKEY_RJCT event
• CIDs: 165, 171, 210

Other Changes
• Update GTK wrapping (CIDs 200, 202)
  • Add lifetime in wrapped GTK key material
  • Add specification on updating GTK upon expiry
  • Remove “echo” of received GTK in Peering Confirm frame
• Clean up frame processing (CIDs 189, 207)
• Misc frame formatting update
• Remove V.5 (CIDs 217, 218, 220)
  • Require substantial update to reflect normative text
  • Served purpose of educating readers