RE: Re: Rewrite of Section 2 of the EAP Key Management Framework
From: Salowey, Joe (jsaloweycisco.com)
Date: Thu, 20 Oct 2005 15:10:28 -0400 (EDT)

Hi Bernard,

Comments/questions below


> 
> My current proposal is to state that the EMSK is passed down
> to the EAP peer/authenticator layer and EAP layer, but is
> never passed down to the lower layer, although keys
> calculated from the EMSK can be passed down to the lower
> layer if requested by the lower layer, as long as the EMSK itself is
> not exposed. 
> 
>> "Instead of using the EMSK directly keys should be derived for
>> application specific usage.  This usage and specification is beyond
>> the scope of the current document."
> 
> I think that some language specifying that the lower layer
> never receives the EMSK, or quantities from which the EMSK
> can be derived should do the job.

[Joe] My concern with the above is that you may not want all of the
authenticator to have access to the EMSK.  You would probably want it to
remain with the part of the authenticator that hosts the EAP server.  
