Re: Issue 236: (Key Framework) Rewrite of Section 2
From: Florent Bersani (florent.bersanird.francetelecom.fr)
Date: Thu, 8 Apr 2004 08:29:11 -0400 (EDT)
Hi Bernard,

Some (minor) comments in-line.

Florent

Bernard Aboba wrote:

Issue 236: Rewrite of Section 2
Submitter name: Bernard Aboba
Submitter email address: aboba [at] internaut.com
Date first submitted: 4/3/2004
Reference:
Document: Keying-01
Comment type: T/E
Priority: S
Section: 2
Rationale/Explanation of issue:



...
2.2.  Key Hierarchy

The EAP Key Hierarchy, illustrated in Figure 3 below, includes three
types of keys:


Well, I see four types of keys.

[1] Keys calculated locally by the EAP method but not exported,
such as the TEKs.
[2] Keys exported by the EAP method: MSK, EMSK, IV



and keys calculated from exported quantities: AAA-Key.


Shouldn't this be a (logically) separated type?

[3] Keys calculated by the Secure Association Protocol: TSKs.

In order to protect some or all of the EAP conversation, EAP methods
supporting key derivation typically negotiate a ciphersuite and
derive Transient EAP Keys (TEKs) to provide keys for that
ciphersuite. However, the TEKs are stored locally within the EAP
method and are not exported.


Does this preclude TEK caching? My answer is no. Is clarification required to specify what "be exported" and "not be exported" mean?
