eap Mailing List: Re: Strawman -10

[Rafa Marin Lopez (rafa]

Bernard Aboba wrote:

> > In figure 3, EMSK seems now exported to AAA layer or Lower layer.  Is 
> > that correct?
>
>
> The text forbidding the export was removed in Issue 320 with the 
> following proposed change, so it would appear to me that the export is 
> now allowed.

I see. But I was wondering for example in the case of standalone 
authenticator : will only MSK be available to lower layer as usual or 
both (MSK,EMSK) now?

Thanks.

> ---------------------------------------------------------------------------------------------------------------------------------------- 
>
> Change
>
> "The EMSK MUST NOT be provided to the lower layer, nor is it permitted
> to pass any quantity to the lower layer from which the EMSK could be
> computed without breaking some cryptographic assumption, such as
> inverting a one-way function."
>
> To
>
> "The EMSK MUST NOT be provided to an entity outside the EAP server or
> peer,  nor is it permitted to pass any quantity to an entity outside 
> the EAP
> server or peer from which the EMSK could be computed without breaking 
> some cryptographic assumption, such as inverting a one-way function."


--
------------------------------------------------------
Rafael Marin Lopez
Faculty of Computer Science-University of Murcia
30071 Murcia - Spain
Telf: +34968367645    e-mail: rafa [at] dif.um.es
------------------------------------------------------