| Re: Eap keying review: use of MSK/ EMSK for AMSK creation | <– Date –> <– Thread –> |
From: Jari Arkko (jari.arkko piuha.net)
|
|
| Date: Sun, 6 Nov 2005 19:57:41 -0500 (EST) | |
Hi Joe,
--Jari
[Joe] This is OK the EAP Authenticator and EAP Server can be viewed as
part of the same logical entity with repsec to the lower layer. It
probably should say that once the key is delivered to the lower layer it
should be deleted from the EAP Authenticator and EAP server.
Yes. One question that comes up in this context is how to ensure that the lower layer can't "re-request" the same AMSK. One answer to this is that the lower layer must initially make a request of all AMSKs, and the EAP layer ensures that it does not deliver more than one key for one (application id, parameters) pair.
--Jari
- Re: Re: Issue: AAA Key Caching effectively prohibited?, (continued)
- Re: Re: Issue: AAA Key Caching effectively prohibited? Bernard Aboba, November 2 2005
- Re: Re: Issue: AAA Key Caching effectively prohibited? Mohan Parthasarathy, November 3 2005
- Re: Eap keying review: use of MSK/ EMSK for AMSK creation Jari Arkko, November 6 2005
- Re: Eap keying review: use of MSK/ EMSK for AMSK creation Jari Arkko, November 6 2005
Results generated by Tiger Technologies using MHonArc.