| RE: The end of the keying hierarchy... | <– Date –> <– Thread –> |
From: Salowey, Joe (jsalowey cisco.com)
|
|
| Date: Mon, 24 Oct 2005 17:37:45 -0400 (EDT) | |
> Joe said: > > "My concern with the above is that you may not want all of > the authenticator to have access to the EMSK. You would > probably want it to remain with the part of the authenticator > that hosts the EAP server." > > In the case where EAP runs standalone, the EAP authenticator > *is* the EAP server. In the case of passthrough, the EAP > authenticator doesn't host the EAP server, although it is > co-resident with the AAA client. So I guess I'm not > understanding your comment. > [Joe] I look at the EAP-server as being a logical part of the EAP Authenticator. I am concerned about the EMSK leaving the AAA in the case where the EAP Server is in a different device that hosts the EAP Authenticator interface with the lower layer. > Maybe this has to do with the flow of keying > material/attributes in the standalone case? In order to > preserve mode independence, I think that the keying material > needs to be processed the same way it would be if EAP were > being run standalone. > [Joe] The EMSK should stay within the EAP server.
-
The end of the keying hierarchy... Bernard Aboba, October 20 2005
- Re: The end of the keying hierarchy... Jari Arkko, October 23 2005
- RE: The end of the keying hierarchy... Salowey, Joe, October 24 2005
- RE: The end of the keying hierarchy... Salowey, Joe, October 24 2005
Results generated by Tiger Technologies using MHonArc.