Re: WGLC for eap-keying: EAP server-AAA server
From: Jari Arkko (jari.arkkopiuha.net)
Date: Mon, 7 Nov 2005 09:21:58 -0500 (EST)
Nakhjiri Madjid-MNAKHJI1 wrote:

1) EIK | PMK =truncate (MSK, 320)
2) PMK2= truncate (MSK, 160)



Both of these definitions imply that the PMK is a truncated version of
the MSK. Perhaps we can just point that out, and reference 802.11 and
802.16e. There really is not much need to say anything more than that.


Madjid>> My point exactly, except even that may be too much. What if
it was not a truncation? PMK creation is really a lower layer issue.


Suggested text:

Pairwise Master Key (PMK)
Lower layers use MSK in lower-layer dependent manner.
For instance, in [IEEE-802.11i] Octets 0-31 of the MSK
are known as the Pairwise Master Key (PMK). In
[IEEE-802.11i] the TKIP and AES CCMP ciphersuites derive
their Transient Session Keys (TSKs) solely from the PMK, whereas
the WEP ciphersuite as noted in [RFC3580], derives its TSKs from
both halves of the MSK. In [802.16e], the MSK is truncated to
40 octets for PMK and 20 octets for PMK2.

and delete PMK usage from Appendix A.

Madjid>> Ok, if you say so. But it is still heavily used in 3748 and in
extension drafts.


"AAA-Key-B = prf(AMSK(0,63),"EAP AAA-Key derivation for
multiple attachments", AAA-Key, B-Called-Station-Id,
Calling-Station-Id,length)"


The extension document is not currently on the table,
and there may well be other approaches (e.g. yours).
But I would point out that the "AAA-Key-B" really has
nothing to do with the current AAA-Key; it's a completely
different quantity that could be used in handoffs.
We can name it to whatever we want.

--Jari
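
The lower-layer dependent use of the MSK described in the suggested text above, as an added example that is not part of the original message or of any draft: it cuts the named keys out of a constructed MSK and counts the MSK octets that keys of two lower layers have in common. The names `lower_layer_keys` and `shared_octets` are hypothetical, and it assumes that truncate(MSK, n) keeps the leading n bits, which the message does not state.

```python
MSK_MIN_OCTETS = 64  # RFC 3748: the MSK is at least 64 octets long

# Octet ranges (start, end-exclusive) of the MSK named in the suggested text.
# Assumption: truncate(MSK, n bits) keeps the leading n/8 octets. The message
# does not say which end is kept, nor how EIK | PMK is split, so the 40-octet
# value is kept whole. "Halves" assumes a 64-octet MSK.
LAYER_KEYS = {
    "802.11i": {"PMK": (0, 32)},
    "WEP/RFC3580": {"MSK first half": (0, 32), "MSK second half": (32, 64)},
    "802.16e": {"EIK|PMK": (0, 40), "PMK2": (0, 20)},
}


def lower_layer_keys(msk: bytes, layer: str) -> dict:
    """Return the named keys one lower layer cuts out of the MSK."""
    if len(msk) < MSK_MIN_OCTETS:
        raise ValueError(f"MSK is {len(msk)} octets, need >= {MSK_MIN_OCTETS}")
    if layer not in LAYER_KEYS:
        raise KeyError(f"no MSK usage defined for lower layer {layer!r}")
    return {name: msk[a:b] for name, (a, b) in LAYER_KEYS[layer].items()}


def shared_octets(layer_a: str, layer_b: str) -> dict:
    """Map (key_a, key_b) -> number of MSK octets both keys are cut from."""
    shared = {}
    for name_a, (a0, a1) in LAYER_KEYS[layer_a].items():
        for name_b, (b0, b1) in LAYER_KEYS[layer_b].items():
            n = min(a1, b1) - max(a0, b0)
            if n > 0:
                shared[(name_a, name_b)] = n
    return shared


if __name__ == "__main__":
    msk = bytes(range(64))  # constructed sample MSK, not real key material
    for layer in LAYER_KEYS:
        for name, key in lower_layer_keys(msk, layer).items():
            print(f"{layer:12} {name:16} {len(key):2} octets {key.hex()[:16]}...")
    # The same name "PMK" covers different octet ranges per lower layer.
    print(shared_octets("802.11i", "802.16e"))
```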

