Re: Re: Rewrite of Section 2 of the EAP Key Management Framework
From: Jari Arkko (jari.arkkopiuha.net)
Date: Wed, 19 Oct 2005 17:28:21 -0400 (EDT)
My e-mail was a response to the discussion you and Joe
had about Joe's comments to 2.6. I agree that we want
to keep eap-keying as small as possible. But I think
the practical alternatives are saying that the key
hierarchy ends at EMSK (and leave rest of keying-extns)
or that the hierarchy ends at AMSK (and leave all applications
of AMSKs to keying-extns). I'd prefer the latter, but
I could be persuaded to go for the former, too.

--Jari

Bernard Aboba wrote:

Perhaps we could move forward on the AMSK/EMSK issue
by looking at the constraints we are under:



I presume that you're talking about a future document, not the current key
framework document, right?


As I see it, we really only need to do a few things in the key framework
document:

a. Define the interactions between the EAP method layer, EAP
authenticator/peer layer, EAP layer, and lower layer (including AAA).

b. Define the EAP security model (e.g. the cryptographic assumptions).

c. Derive the security requirements for the lower layer based on a) and b).

d. Describe how current implementations behave (including lower layers).

If we do these things, then we can always build on that in future
documents. However, it has turned out to be difficult enough to accomplish
just these goals that taking on even more probably will make it even more
difficult to finish.






