RE: Issue: AAA-Key should be derived from AMSK
From: Joseph Salowey (jsaloweycisco.com)
Date: Tue, 5 Oct 2004 12:29:07 -0400 (EDT)
Florent Bersani wrote:
> A quick comment in-line
> 
> Joseph Salowey wrote:
> 
>> ...
>> "Where keying material is provided by the backend
>>   authentication server, a key hierarchy derived from the EMSK, can
>>   be used to provide cryptographically separate keying material for
>>   use in fast handoff.
>> 
> I do not think that fast handoff is the only application that may
> benefit from such a scheme... although it is clearly a
> natural one! So I'd suggest being less specific and saying something like:
> 
> "Where keying material is provided by the backend
>    authentication server, a key hierarchy derived from the
> EMSK *and the MSK as Jari noted* , can be
>    used to provide cryptographically separate keying material
> *for different applications. Fast handoffs are an example
> application that may benefit from this keying material"
> 

[Joe] perhaps it should be "the EMSK and/or the MSK" 

> 
>>  Instead of using the EMSK directly, an application-specific
>>   key is derived, the AMSK, as described in section F:
>> 
>>   AAA-Key-A = MSK(0,63)
>>   AAA-Key-B = PRF(AMSK(0,63),"EAP AAA-Key derivation for
>>               multiple attachments", AAA-Key-A,B-Called-Station-Id,
>>               Calling-Station-Id,length)
>> 
>>   AAA-Key-E = PRF(AMSK(0,63),"EAP AAA-Key derivation for
>>               multiple attachments",AAA-Key-A,E-Called-Station-Id,
>>               Calling-Station-Id, length)"
>> 


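The per-attachment derivation quoted in this message, worked through as an added example that is not part of the original e-mail or of any draft text. The thread does not say which PRF is meant, so HMAC-SHA-256 in counter mode with length-prefixed inputs is an assumption here, as are the function names, the key bytes and the station identifiers, all of which are constructed.

```python
import hashlib
import hmac
import struct

LABEL = b"EAP AAA-Key derivation for multiple attachments"


def prf(key: bytes, label: bytes, *fields: bytes, length: int) -> bytes:
    """Assumed PRF (not specified in the thread): HMAC-SHA-256, counter mode."""
    if not 0 < length <= 255 * 32:
        raise ValueError("length out of range for a one-octet counter")
    # Length-prefix each input so that ("ab", "c") and ("a", "bc") cannot
    # produce the same PRF input and therefore the same key.
    seed = b"".join(struct.pack(">H", len(f)) + f for f in (label, *fields))
    seed += struct.pack(">H", length)
    out = b""
    counter = 1
    while len(out) < length:
        block = seed + struct.pack(">B", counter)
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def derive_attachment_keys(msk, amsk, calling_id, called_ids, length=64):
    """Return (AAA-Key-A, {Called-Station-Id: AAA-Key}) for extra attachments."""
    if len(msk) < 64 or len(amsk) < 64:
        raise ValueError("MSK and AMSK must each supply octets 0..63")
    aaa_key_a = msk[:64]  # AAA-Key-A = MSK(0,63)
    keys = {
        called: prf(amsk[:64], LABEL, aaa_key_a, called, calling_id, length=length)
        for called in called_ids
    }
    return aaa_key_a, keys


def demo():
    # Constructed sample values: not real keys or real station identifiers.
    msk, amsk = bytes(range(64)), bytes(range(64, 128))
    calling = b"00-00-5E-00-53-01"
    called_b, called_e = b"00-00-5E-00-53-0B", b"00-00-5E-00-53-0E"
    key_a, keys = derive_attachment_keys(msk, amsk, calling, [called_b, called_e])
    return key_a, keys[called_b], keys[called_e]


if __name__ == "__main__":
    for name, key in zip(("AAA-Key-A", "AAA-Key-B", "AAA-Key-E"), demo()):
        print(name, key.hex())
```

Because AAA-Key-B and AAA-Key-E are keyed by the AMSK rather than by AAA-Key-A, an authenticator that holds only AAA-Key-A cannot compute the keys delivered to the other attachment points.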