Re: Issue 307: Rewrite of Section 7, Security Requirements

From: Bernard Aboba (aboba

Date: Sun, 31 Jul 2005 02:27:39 -0400 (EDT)

In addition, consolidate Section 7.1.1 and 7.1.2 into Section 1.5, as follows:

1.5 EMSK Usage

The MSK and EMSK MUST be unique for each session. The EMSK must be cryptographically independent of the MSK and TEKs, and the EMSK MUST be secret and not known to someone observing the EAP authentication exchange.

The EMSK MUST NOT be transported from the EAP server to another party, and as a result the EMSK is not replicated between the backend server and authenticator via the AAA protocol. Although the EMSK is not replicated, it is possible to derive keys from the EMSK via a one-way function, and for these derived keys to be replicated from the backend server to the authenticator.

Where a backend server is present the EMSK will not be available on the authenticator, and therefore in order for the principle of Mode Independence to be satisfied, TSKs derived within the lower layer MUST NOT depend directly on the EMSK. The EMSK MUST NOT be used directly for cryptographic protection of data.
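
The export rule in the proposed Section 1.5, sketched as an added example that is not part of the original message or of the draft: the server keeps the EMSK, and only the MSK and keys derived from the EMSK through a one-way function go to the authenticator. HKDF-Expand with HMAC-SHA256 as the one-way function, the 64-octet key lengths, the labels and the `EapSession` class are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def hkdf_expand(key: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-Expand (RFC 5869) with HMAC-SHA256: the assumed one-way function."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(key, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


class EapSession:
    """Server-side key state for one EAP session (constructed model)."""

    def __init__(self, method_secret: bytes = b""):
        # Stand-in for the EAP method's key export. A fresh secret per
        # session makes the MSK and EMSK unique for each session.
        secret = method_secret or os.urandom(32)
        # Separate labels: knowing the MSK does not help compute the EMSK.
        self.msk = hkdf_expand(secret, b"example msk", 64)
        self._emsk = hkdf_expand(secret, b"example emsk", 64)

    def derive_from_emsk(self, usage_label: str, length: int = 32) -> bytes:
        """Child key bound to one usage; the EMSK itself never protects data."""
        if not usage_label:
            raise ValueError("a usage label is required")
        return hkdf_expand(self._emsk, usage_label.encode(), length)

    def aaa_payload(self, usage_labels) -> dict:
        """Key material the backend server may replicate to the authenticator."""
        payload = {"MSK": self.msk}
        for label in usage_labels:
            payload[label] = self.derive_from_emsk(label)
        # Enforce the rule: the EMSK is never part of what is transported.
        if any(value == self._emsk for value in payload.values()):
            raise RuntimeError("EMSK must not be transported")
        return payload


if __name__ == "__main__":
    session = EapSession()
    for name, key in session.aaa_payload(["usage-a", "usage-b"]).items():
        print(name, key.hex()[:16] + "...")
```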