RE: stds-802-16: 802.16d - 7.5.2.2
Vladimir,
Thanks,
It may be so from implementation point of view, but looking at real time, for x.509 certification, there are no realtime constrains, but for the traffic, you need to be quick. this calls probably for external RSA chip, or a bigger processor then the one required for the MAC. With 3-DES I would assume (did not check yet) these drawbacks are probably in smaller scale.
Ofer
-----Original Message-----
From: Vladimir Yanover [mailto:vladimir.yanover@alvarion.com]
Sent: 14 December, 2003 1:30 PM
To: Ofer Kelman
Subject: RE: stds-802-16: 802.16d - 7.5.2.2
Ofer,
As far as I remember, the history was that if you already have implemented
RSA for X.509 certificate validation,
it is considerably easy [from the prospect of development efforts] to reuse
it for TEK encryption.
Vladimir
-----Original Message-----
From: Ofer Kelman [mailto:okelman@Airspan.com]
Sent: Thursday, December 11, 2003 12:39 PM
To: Johnston, Dj; Eyal Verbin; carl.eklund@nokia.com
Cc: stds-802-16@ieee.org
Subject: RE: stds-802-16: 802.16d - 7.5.2.2
DJ,
Your suggestion sounds quite reasonable. I don't know the history behind
mandating RSA over 3-DES, but I know it is much simpler, quicker, license
free and symmetric.
Ofer
-----Original Message-----
From: owner-stds-802-16@majordomo.ieee.org
[mailto:owner-stds-802-16@majordomo.ieee.org]On Behalf Of Johnston, Dj
Sent: 10 December, 2003 10:11 PM
To: Eyal Verbin; carl.eklund@nokia.com
Cc: stds-802-16@ieee.org
Subject: RE: stds-802-16: 802.16d - 7.5.2.2
Carl, Eyal,
Thankyou for your timely responses.
It seems that there is something of a inconsistency here. The argument
for doing RSA key transfer in mesh seems plausible (I've not looked too
closely) but it does not make sense for PMP where 3DES based key
transfer appears much more efficient, given that we already have
exchanged and AK using RSA and the additional overhead of another RSA
operation seems unecessary.
Looking at the profiles for WirelessMAN OFDM, 12.3.1.1.1 Table 300 (in
draft D2) makes RSA key exchange mandatory and 3DES optional. For Mesh,
Table 301 does the same thing.
Perhaps we should at least amend Table 300 to swap the mandatory
requirement to 3DES EDE and the optional requirement to RSA.
What do you think?
Thanks,
DJ
Carl:
>TEK exchange using RSA is included to support TEK exchange
>in a mesh system. Although it perfectly well could be used
>in a PMP system that was never the intention. I also think
>the details of the procedure are quite unspecified.
Eyal:
>There are two options for TEK encryption: 3DES and RSA.
>Note that currently the RSA is the mandatory one in terms
>of the system profiles for WirelesMAN OFDM.
David Johnston
Intel Corporation
Chair, IEEE 802 Handoff ECSG
Email : dj.johnston@intel.com
Tel : 503 380 5578 (Mobile)
Tel : 503 264 3855 (Office)
> -----Original Message-----
> From: owner-stds-802-16@majordomo.ieee.org
> [mailto:owner-stds-802-16@majordomo.ieee.org] On Behalf Of Eyal Verbin
> Sent: Wednesday, December 10, 2003 12:36 AM
> To: Johnston, Dj
> Cc: stds-802-16@ieee.org
> Subject: RE: stds-802-16: 802.16d - 7.5.2.2
>
>
> There are two options for TEK encryption: 3DES and RSA. Note
> that currently the RSA is the mandatory one in terms of the
> system profiles for WirelesMAN OFDM.
>
> -----Original Message-----
> From: owner-stds-802-16@majordomo.ieee.org
> [mailto:owner-stds-802-16@majordomo.ieee.org]> On Behalf Of Johnston,
Dj
> Sent: Tuesday, December 09, 2003 10:17 PM
> To: stnds-802-16@ieee.org
> Subject: stds-802-16: 802.16d - 7.5.2.2
>
>
> Can anyone explain the purpose of 7.5.2.2 or comment on whether anyone
> uses it?
>
> "7.5.2.2 Encryption of TEK with RSA
>
> The RSA method of encrypting the TEK (PKCS #1 v2.0, RSA Cryptography
> Standard, RSA Laboratories,
> October 1998) shall be used for SAs with the TEK encryption algorithm
> identifier in the cryptographic suite
> equal to 0x02."
>
> Thanks,
> DJ
>
> David Johnston
> Intel Corporation
> Chair, IEEE 802 Handoff ECSG
>
> Email : dj.johnston@intel.com
> Tel : 503 380 5578 (Mobile)
> Tel : 503 264 3855 (Office)
>
>
>
This mail passed through mail.alvarion.com
****************************************************************************
********
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer
viruses.
****************************************************************************
********
This mail was sent via mail.alvarion.com
************************************************************************************
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
************************************************************************************