eap Mailing List: Re: Issue: AAA-Key should be derived from AMSK

[Florent Bersani (florent.bersani]

A quick comment in-line

Joseph Salowey wrote:

> ...
> "Where keying material is provided by the backend
>   authentication server, a key hierarchy derived from the EMSK, can be
>   used to provide cryptographically separate keying material for use in
>   fast handoff.
I do not think that fast handoff is the only application that may 
benefit from such a scheme... although it is clearly a natural one!
So i'd suggest being less specific and saying sth like:

"Where keying material is provided by the backend
  authentication server, a key hierarchy derived from the EMSK
*and the MSK as Jari noted*
, can be
  used to provide cryptographically separate keying material
*for different applications. Fast handoffs are an example application that may 
benefit from this keying material"


>  Instead of using the EMSK directly a application specific
>   key is derived, the AMSK, as described in seciton F:
>
>   AAA-Key-A = MSK(0,63)
>   AAA-Key-B = PRF(AMSK(0,63),"EAP AAA-Key derivation for
>               multiple attachments", AAA-Key-A,B-Called-Station-Id,
>               Calling-Station-Id,length)
>
>   AAA-Key-E = PRF(AMSK(0,63),"EAP AAA-Key derivation for
>               multiple attachments",AAA-Key-A,E-Called-Station-Id,
>               Calling-Station-Id, length)"
>
>
>
> _______________________________________________
> eap mailing list
> eap [at] frascone.com
> http://mail.frascone.com/mailman/listinfo/eap
>
>