eap Mailing List: Re: keying issue 221: EMSK usage guidelines

[Jari Arkko (jari.arkko]

Joseph Salowey wrote:

> [Joe] I don't think so, I think that the basic requirement is that both
> parties in the EAP exchange can derive the same key name and that the
> name is unique.  I'm suggesting the methods derive the key name in their
> own way.  This could make use of nonces, it could send the key name as
> authenticated data in the exchange, and there are probably other

This would work for me. Others?

> possibilities as well.  It might be OK to derive the key from the EMSK,
> but a few people I mentioned this to disliked it.  In theory I suppose
> it increases the chance that an attacker can precompute a partial
> dictionary that will allow them to compromise some sessions on a network
> (its difficult to attack a particular session, but it may increase the
> possibility of compromising one arbitrary session out of many).  Perhaps
> it is not a big deal, perhaps it is worse than I think it is.  

Ok.

--Jari