Issue 170: Terminology

From: Bernard Aboba (aboba
Date: Thu, 11 Sep 2003 19:04:50 -0500 (CDT)

Issue 170: Terminology
Submitter name: Bernard Aboba
Submitter email address: aboba [at] internaut.com
Date first submitted: 9/11/2003
Reference:
Document: EAP-05
Comment type: T
Priority: S
Section: 1.2
Rationale/Explanation of issue:

For the purposes of RFC 2284bis, it is not necessary to delve into the uses of the MSK/EMSK -- it's just enough to say that they must be produced and exported. Let's leave discussion of uses to the Key Framework document.

In Section 1.2, change:

"
   Master Session Key (MSK)
      Keying material that is derived between the EAP peer and server and exported by the EAP method. The MSK is used in the derivation of Transient Session Keys (TSKs) for the ciphersuite negotiated between the EAP peer and authenticator. Where a backend authentication server is present, acting as an EAP server, it will typically transport the MSK to the authenticator, so that in this case, the MSK is available to the peer, authenticator and authentication server.

   Extended Master Session Key (EMSK)
      Additional keying material derived between the EAP client and server that is exported by the EAP method. Unlike the MSK, the EMSK is known only to the EAP peer and EAP server and is not provided to a third party. The EMSK is reserved for future uses that are not defined yet. For example, it could be used to derive additional keying material for purposes such as fast handoff, cryptographic binding, etc."

To:

"
   Master Session Key (MSK)
      Keying material that is derived between the EAP peer and server and exported by the EAP method. The MSK is at least 64 octets in length. In existing implementations a AAA server acting as an EAP server transports the MSK to the authenticator.

   Extended Master Session Key (EMSK)
      Additional keying material derived between the EAP client and server that is exported by the EAP method. The EMSK is at least 64 octets in length. The EMSK is reserved for future uses that are not defined yet and is not provided to a third party."