eap Mailing List: Re: Update for issue 183 (Security Associations)

[John Vollbrecht (jrv]

--On Wednesday, October 22, 2003 5:11 PM +0300 Pasi.Eronen [at] nokia.com wrote:

> Hi,
>
> We had a lively discussion about the SAs and naming at the
> interim meeting. It seems the SA description text I sent
> last week was missing (at least) one SA, and thus we
> had severe difficulties in naming it :-)
True - we did have a lively discusssion.  I like what you have here, but I 
am wondering about the difference between a PublicKey and Symetric key 
model.  If  the symetric key exists, I am not sure it could not be used for 
key distribution, and so does not need a different name (it already has one 
e.g. master key in kerberos).   Is this to have an additional name?  Or is 
there a difference between a master key and an "EAP distribution key"?

> Would something like this do?
>
> 3.3 EAP key distribution SA
>
>    This is an SA between the peer and backend authentication
>    server, and it allows them to derive keys to be delivered to
>    authenticators.
>
>    Current implementations do not actually store this SA after
>    the EAP conversation is over, but future implementations could
>    use this for things such as pre-emptive key distribution.
>
>    Contains
>    o  Name/identifier for this SA
>    o  Identities of the parties
>    o  EMSK (or some other keys known only to the peer and
>       backend authentication server)
>    o  Other yet-unspecified information
>
> Best regards,
> Pasi
> _______________________________________________
> eap mailing list
> eap [at] frascone.com
> http://mail.frascone.com/mailman/listinfo/eap