Re: [Issue 278]: lifetimes of keys internal to EAP methods
From: Jari Arkko (jari.arkkopiuha.net)
Date: Mon, 25 Oct 2004 11:51:17 -0400 (EDT)
Bernard Aboba wrote:
"For instance, if a replay counter is used, a mechanism must
be in place to prevent it from wrapping around."

The replay counter will wrap when it needs to wrap; this cannot be
prevented.  I think what you mean to say is that the TEKs need to be
refreshed before the counter wraps.

Right :-)


With respect to cryptographic separation of TEKs and TSKs, I think the
requirement is that the TSKs not be derivable from the TEKs as well as
vice versa. This implies that they are not on the same branch of the key
hierarchy.

Yes. Although Pasi's last e-mail seemed to say something else -- I think he wanted to require only the latter condition, i.e., that TEKs not be derivable from TSKs. Opinions on that?

(In all current methods that I know of, both conditions
are true. But we shouldn't specify what current methods
do, we should specify what is necessary.)

--Jari
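
Added example (not part of the original message and not code from any EAP method): a small model of the two requirements discussed above. It checks which keys are derivable from which in a "siblings" and a "chained" key hierarchy, and refreshes the TEK before a replay counter wraps. The HMAC-SHA256 derivation step, the labels, the master key and the refresh-from-master rekeying are all assumptions made for illustration.

```python
import hashlib
import hmac

def kdf(parent: bytes, label: str) -> bytes:
    # One-way derivation step; HMAC-SHA256 is an assumed stand-in PRF.
    return hmac.new(parent, label.encode(), hashlib.sha256).digest()

class KeyHierarchy:
    def __init__(self, master: bytes):
        self.keys = {"MK": master}
        self.parent = {}                  # child name -> parent name

    def derive(self, parent: str, child: str) -> bytes:
        self.keys[child] = kdf(self.keys[parent], child)
        self.parent[child] = parent
        return self.keys[child]

    def derivable(self, src: str, dst: str) -> bool:
        # dst can be computed from src only if src is an ancestor of dst.
        node = dst
        while node in self.parent:
            node = self.parent[node]
            if node == src:
                return True
        return False

def build(layout: str) -> KeyHierarchy:
    # "siblings": MK -> TEK and MK -> TSK.  "chained": MK -> TEK -> TSK.
    h = KeyHierarchy(b"constructed-master-key")   # constructed sample value
    h.derive("MK", "TEK")
    h.derive("MK" if layout == "siblings" else "TEK", "TSK")
    return h

class TekChannel:
    """Replay counter of `bits` width; the TEK is refreshed before it wraps."""
    def __init__(self, master: bytes, bits: int):
        self.master, self.limit = master, (1 << bits) - 1
        self.epoch, self.counter = 0, 0
        self.tek = kdf(master, "TEK|0")

    def next_slot(self):
        if self.counter == self.limit:    # the next increment would wrap
            self.epoch += 1               # assumed refresh: new TEK per epoch
            self.tek = kdf(self.master, f"TEK|{self.epoch}")
            self.counter = 0
        self.counter += 1
        return self.tek, self.counter
```

In the chained layout only one direction holds (TEKs are not derivable from TSKs, but TSKs are derivable from TEKs); the siblings layout satisfies both conditions.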
