Re: Eap keying review: use of MSK/ EMSK for AMSK creation
From: Jari Arkko (jari.arkkopiuha.net)
Date: Sun, 6 Nov 2005 19:55:12 -0500 (EST)
Nakhjiri Madjid-MNAKHJI1 wrote:

It would indeed be unfortunate to create an "application dependence" in
the EAP layer.  However, I'm not sure that AMSK proposal does that,
necessarily.  If all the EAP layer does it take parameters from the
lower layer to create AMSKs, and then unconditionally carry out the
lower layer's instructions, then I think the mechanism could be quite
general.

Madjid>> Yes, I agree, but prohibiting EMSK export will make application
dependence very hard.


(Not sure if I'm responding to the e-mails in the correct
order. This may have already been agreed upon...)

The fundamental requirement appears to be to not
transport EMSK and to prevent compromised applications
from affecting each other. Presumably there are multiple
ways to achieve this, but IMHO one good way would be
to keep EMSK in the EAP layer and have the EAP layer
produce AMSKs, based on the same formula for all keys,
upon the request of the lower layer. Then the lower layer
can get all the AMSKs that it needs, and as long as it
requests different AMSKs for different applications,
there's no chance of one application compromising
another one.

--Jari
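The arrangement Jari describes above (EMSK held inside the EAP layer, AMSKs produced on request with one formula for all keys, distinguished only by which application asks) as an added Python example; this is not code from the thread or from any EAP implementation. The HMAC-SHA256 counter-mode derivation, the `EapKeyingLayer` name and the application labels are assumptions for illustration, not the formula the thread or any specification defines.

```python
import hashlib
import hmac


class EapKeyingLayer:
    """Hypothetical EAP-layer key holder: keeps the EMSK, exports only AMSKs."""

    EMSK_LEN = 64  # EAP methods export a 64-octet EMSK (RFC 3748)

    def __init__(self, emsk: bytes) -> None:
        if len(emsk) != self.EMSK_LEN:
            raise ValueError("EMSK must be exactly 64 octets")
        # The EMSK never leaves this object; the only public method derives
        # per-application keys from it. (Python cannot enforce secrecy of an
        # attribute; the point is the interface the lower layer is offered.)
        self.__emsk = emsk

    def derive_amsk(self, application: str, length: int = 64) -> bytes:
        """Same formula for every AMSK, keyed by an application label.

        Assumed KDF: AMSK = HMAC-SHA256(EMSK, label || 0x00 || counter)
        concatenated until `length` octets are available. Two different
        labels give independent keys, so knowing one application's AMSK
        reveals nothing about another's, nor about the EMSK itself.
        """
        if not application:
            raise ValueError("an application label is required")
        if not 0 < length <= 255 * hashlib.sha256().digest_size:
            raise ValueError("unsupported AMSK length")
        label = application.encode("ascii")
        out = b""
        counter = 1
        while len(out) < length:
            block = label + b"\x00" + counter.to_bytes(1, "big")
            out += hmac.new(self.__emsk, block, hashlib.sha256).digest()
            counter += 1
        return out[:length]


def demo_two_applications(emsk: bytes) -> tuple[bytes, bytes]:
    """Lower layer requests one AMSK per application from the EAP layer."""
    layer = EapKeyingLayer(emsk)
    # Constructed labels standing in for two unrelated applications.
    return layer.derive_amsk("app-handover"), layer.derive_amsk("app-mobility")


if __name__ == "__main__":
    k1, k2 = demo_two_applications(b"\x42" * 64)  # constructed EMSK
    print(k1.hex()[:32], k2.hex()[:32])
```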
