RE: Issue: AAA-Key should be derived from AMSK
From: Joseph Salowey (jsaloweycisco.com)
Date: Tue, 5 Oct 2004 12:27:35 -0400 (EDT)
Jari Arkko wrote:
> I agree with you and Florent that this is a problem.
> I like your solution too -- some nits inline:
> 
>> Section 2.2:
>> 
>> Change
>> "On both the peer and EAP server, the exported MSK and EMSK are
>>    utilized in order to calculate the AAA-Key, as described in
>>    Appendix E."
>> To
>> 
>> "On both the peer and EAP server, the exported MSK and keys derived
>>    from the EMSK (AMSK) are utilized in order to calculate the
>>    AAA-Key, as described in Appendix E."
> 
> Maybe s/EMSK (AMSK)/AMSK/ -- the AMSK is already introduced
> earlier as is the fact that AMSK is derived from the exported
> quantities. 
> 

[Joe] Yes, thanks. 

>> Appendix E:
>> 
>> The EMSK should not be used directly in AAA-Key derivation. Text
>> follows: 
>> 
>>  "Where keying material is provided by the backend
>>    authentication server, a key hierarchy derived from the EMSK, can
>>    be used to provide cryptographically separate keying material for
>>    use in fast handoff.  Instead of using the EMSK directly an
>>    application specific key is derived, the AMSK, as described in
>>    section F:
> 
> Maybe: "Where keying material is provided by the backend
> authentication server, a key hierarchy derived from the MSK
> and the AMSK can be used to ..."
> 

[Joe] perhaps "an AMSK" instead of "the AMSK".  There can be more than one
AMSK for different purposes. 

>>    AAA-Key-A = MSK(0,63)
>>    AAA-Key-B = PRF(AMSK(0,63),"EAP AAA-Key derivation for
>>                multiple attachments", AAA-Key-A,B-Called-Station-Id,
>>                Calling-Station-Id,length)
>> 
>>    AAA-Key-E = PRF(AMSK(0,63),"EAP AAA-Key derivation for
>>                multiple attachments",AAA-Key-A,E-Called-Station-Id,
>>                Calling-Station-Id, length)"
> 
> Ok.
> 
> --Jari
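
The AAA-Key hierarchy proposed in the quoted text, as an added example that is not part of the original message or the draft. The PRF (HMAC-SHA-256 in counter mode), the length-prefixed field encoding, the derive_amsk() helper and all sample values are assumptions made for illustration; the thread does not specify them.

```python
import hashlib
import hmac

LABEL = b"EAP AAA-Key derivation for multiple attachments"

def prf(key: bytes, label: bytes, *fields: bytes, length: int) -> bytes:
    """Stand-in PRF (assumption): HMAC-SHA-256 in counter mode."""
    # Length-prefix each field so that concatenation is unambiguous.
    seed = label + b"\x00"
    seed += b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    seed += length.to_bytes(2, "big")
    out, counter = b"", 1
    while len(out) < length:
        block = counter.to_bytes(4, "big") + seed
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def derive_amsk(emsk: bytes, app_label: bytes, length: int = 64) -> bytes:
    """Hypothetical AMSK derivation; the draft's construction is not quoted here."""
    return prf(emsk, app_label, length=length)

def aaa_key_a(msk: bytes) -> bytes:
    # AAA-Key-A = MSK(0,63): the first 64 octets of the MSK.
    return msk[:64]

def aaa_key_for_attachment(amsk: bytes, key_a: bytes, called_station_id: bytes,
                           calling_station_id: bytes, length: int = 64) -> bytes:
    # AAA-Key-X = PRF(AMSK(0,63), label, AAA-Key-A,
    #                 X-Called-Station-Id, Calling-Station-Id, length)
    return prf(amsk[:64], LABEL, key_a, called_station_id,
               calling_station_id, length=length)

def demo() -> dict:
    # Constructed sample keys and station identifiers, not real values.
    msk, emsk = bytes(range(64)), bytes(range(64, 128))
    amsk = derive_amsk(emsk, b"example handoff application")
    key_a = aaa_key_a(msk)
    calling = b"00-11-22-33-44-55"
    key_b = aaa_key_for_attachment(amsk, key_a, b"AA-BB-CC-00-00-0B", calling)
    key_e = aaa_key_for_attachment(amsk, key_a, b"AA-BB-CC-00-00-0E", calling)
    return {"emsk": emsk, "amsk": amsk, "A": key_a, "B": key_b, "E": key_e}

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value.hex()[:32], "...")
```

Because the EMSK only ever feeds derive_amsk(), a second AMSK derived under a different application label yields an unrelated set of AAA-Keys, which is the separation the change is after.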

