RE: Issue: AAA Key Caching effectively prohibited?

From: Salowey, Joe (jsalowey
Date: Wed, 2 Nov 2005 12:56:40 -0500 (EST)
> -----Original Message-----
> From: Nakhjiri Madjid-MNAKHJI1 [mailto:Madjid.Nakhjiri [at] motorola.com]
> Sent: Wednesday, November 02, 2005 9:44 AM
> To: Salowey, Joe; Bernard Aboba; aboba [at] internaut.com
> Cc: jari.arkko [at] piuha.net; eap [at] frascone.com
> Subject: RE: [eap] Issue: AAA Key Caching effectively prohibited?
>
> > 1. We've talked about deletion of transported keys from the AAA
> > server. So if an MSK (or AMSK) is calculated within the AAA layer and
> > subsequently transported, that key is destroyed and cannot be cached.
> >
> [Joe] I don't think we have said that the AMSK must be
> deleted or cannot be cached. It should be the contrary, the
> AMSK is a quantity that an application such as AAA can use
> for the purpose it has defined.
>
> Madjid>> AAA can _use_? How about create and keep?
>

[Joe] The AAA can keep the AMSK if that is what the application specifies to be done. Generating an AMSK from an EMSK is a more specialized function that needs to exist outside of AAA since EAP does not require AAA.

> [Joe] This depends on how you define your key hierarchy. If
> you derive your keys directly from the EMSK you have a
> problem. If you define your keys from an AMSK derived for the
> purpose of pre-emptive key distribution then things work out
> a bit better.
>
> Madjid>>Are you saying we create our application specific keys out of
> AMSK that is already called application master key? Not sure
> what "rainy day" we are saving EMSK for? Why have so many key
> levels, does anybody care about the CPU and battery
> consumptions down at a tiny mobile device that may have to do
> all this?
>

[Joe] The EMSK is the root of a key hierarchy used only to generate AMSKs. This is to ensure that application keys are cryptographically separate from one another so that one application does not cause a compromise in another. If the EMSK is used by multiple applications this opens you up to a catastrophic compromise if one application has a problem.
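The hierarchy described in the message above (EMSK used only to generate AMSKs, each application caching and deriving from its own AMSK), sketched as an added example that is not part of the thread or of any EAP specification. HKDF-Expand over HMAC-SHA256 is an assumed stand-in for the real KDF, and the labels, `AmskCache` and the sample EMSK are hypothetical.

```python
import hashlib
import hmac

def hkdf_expand(key: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869) over HMAC-SHA256, an assumed stand-in KDF."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(key, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]

def derive_amsk(emsk: bytes, app_label: str, length: int = 64) -> bytes:
    """EMSK -> AMSK. This is the only thing the EMSK is ever used for."""
    if not app_label:
        raise ValueError("application label must be non-empty")
    info = b"AMSK\x00" + app_label.encode() + b"\x00" + length.to_bytes(2, "big")
    return hkdf_expand(emsk, info, length)

def derive_app_key(amsk: bytes, purpose: str, length: int = 32) -> bytes:
    """AMSK -> key for one purpose inside a single application."""
    info = b"APPKEY\x00" + purpose.encode() + b"\x00" + length.to_bytes(2, "big")
    return hkdf_expand(amsk, info, length)

class AmskCache:
    """Holds the AMSK handed to one application (e.g. AAA); never sees the EMSK."""
    def __init__(self):
        self._by_session = {}

    def store(self, session_id: str, amsk: bytes) -> None:
        self._by_session[session_id] = amsk

    def key_for(self, session_id: str, purpose: str) -> bytes:
        return derive_app_key(self._by_session[session_id], purpose)

# Constructed sample EMSK (64 bytes); a real one comes out of the EAP method.
SAMPLE_EMSK = bytes(range(64))

def demo() -> dict:
    aaa_amsk = derive_amsk(SAMPLE_EMSK, "aaa-handover")   # hypothetical label
    other_amsk = derive_amsk(SAMPLE_EMSK, "other-app")    # hypothetical label
    cache = AmskCache()
    cache.store("session-1", aaa_amsk)  # the EMSK itself is never passed on
    return {
        "amsks_differ": aaa_amsk != other_amsk,
        "cached_key": cache.key_for("session-1", "ap-2"),
        "same_purpose_other_app": derive_app_key(other_amsk, "ap-2"),
    }

if __name__ == "__main__":
    print({k: (v.hex() if isinstance(v, bytes) else v) for k, v in demo().items()})
```

Because the application label is bound into the derivation, a cached AMSK that leaks exposes only the keys under that one label; the EMSK and the other applications' AMSKs cannot be computed from it.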