Thanks Alan, Yeah I was also not sure why PEAPv02 start using old seed. Could it be because most PEAPv1 implementation still use old seed and hence new draft thought of falling to old seed? Also is their any draft which mandate old seed for PEAPv0 because the draft didn't say anything about it. A quote from draft says " [a] The PEAPv2 tunnel key (TK) is calculated using the first 40 octets of the (secret) key material generated as described in the EAP-TLS algorithm ([RFC2716] Section 3.5 <https://tools.ietf.org/html/rfc2716#section-3.5>). More explicitly, the TK is the first 40 octets of the PRF as defined in [RFC2716 <https://tools.ietf.org/html/rfc2716>]: PRF(master secret,"client EAP encryption", random) Where random is the concatenation of client_hello.random and server_hello.random ” On 14 Sep 2016 11:34 a.m., "Chitrang Srivastava" < chitrang.srivastava@gmail.com> wrote:
Hi,
This is regarding seed label which is used in PRF(Pseudo random function) to derive session keys.
PEAPv0: https://tools.ietf.org/html/draft-kamath-pppext-peapv0-00 - I don't see any mention of label but look like it uses *client EAP encryption ? *Any official draft or RFC mentioned PEAPv0 uses this label ? PEAPv1: https://tools.ietf.org/html/draft-josefsson-pppext-eap- tls-eap-05 *client PEAP encryption* PEAPv2: https://tools.ietf.org/html/draft-josefsson-pppext-eap- tls-eap-10 *client EAP encryption*
So on the *client *side the code should be something like
if(PEAP_version ==1) label is *client PEAP encryption* otherwise // For version 0 and 2 label is *client PEAP encryption*
This look OK? Why PEAPv2 uses old label ?