Re: WGLC for eap-keying: EAP server-AAA server
From: Jari Arkko (jari.arkkopiuha.net)
Date: Mon, 7 Nov 2005 09:29:14 -0500 (EST)
Nakhjiri Madjid-MNAKHJI1 wrote:

***MSK and EMSK definitions talk about export. RFC 3748 terminology does not include "export", so it is not clear what export means.



The definitions are copied from [RFC3748] without modification. Note
that [RFC3748] does include the term "export". See Section 1.2:


  Master Session Key (MSK)
     Keying material that is derived between the EAP peer and server
     and exported by the EAP method.  The MSK is at least 64 octets in
     length.  In existing implementations, a AAA server acting as an
     EAP server transports the MSK to the authenticator.

Madjid>>Given that the definition "assumes" AAA server is the same as
EAP server, I cannot see what the importing entity is. This is another
place where separating EAP server and AAA server function would help.
Given that the current specs give so many 802.11 examples, I don't see
how an example of what "export" means would hurt. I am guessing the
general definition of export is that the EAP method/server and peer
will allow another layer (such as AAA layer) to see the keys, so why not
provide an example?


That is indeed the definition of "export". But I think it
is already clear without any text changes. The text
says "exported by the EAP method". This implies delivering
the data out of the EAP method, which is a protocol layer.
So it seems very clear that the data goes to the next layer.
Similarly, "transport" is very clear to me.

--Jari

