RE: Strawman -10
From: Salowey, Joe (jsaloweycisco.com)
Date: Tue, 31 Jan 2006 08:55:12 -0800 (PST)
 

> -----Original Message-----
> From: Rafa Marin Lopez [mailto:rafa [at] dif.um.es] 
> Sent: Tuesday, January 31, 2006 7:40 AM
> To: Bernard Aboba
> Cc: eap [at] frascone.com
> Subject: Re: [eap] Strawman -10
> 
> Bernard Aboba wrote:
> 
> >> In figure 3, EMSK seems now exported to AAA layer or Lower layer.  Is
> >> that correct?
> >
> >
> > The text forbidding the export was removed in Issue 320 with the
> > following proposed change, so it would appear to me that the export is
> > now allowed.
> 
> I see. But I was wondering, for example, in the case of a standalone
> authenticator: will only MSK be available to lower layer as usual or
> both (MSK,EMSK) now?
> 

[Joe] In order to preserve mode independence the EMSK must not be
directly consumed by the lower layer.  The lower layer must not require
direct access to the EMSK to function.  However, the lower layer may
rely upon keys derived from the EMSK.  


> Thanks.
> 
> >
> > 
> > --------------------------------------------------------------
> >
> > Change
> >
> > "The EMSK MUST NOT be provided to the lower layer, nor is it permitted
> > to pass any quantity to the lower layer from which the EMSK could be
> > computed without breaking some cryptographic assumption, such as
> > inverting a one-way function."
> >
> > To
> >
> > "The EMSK MUST NOT be provided to an entity outside the EAP server or
> > peer, nor is it permitted to pass any quantity to an entity outside
> > the EAP server or peer from which the EMSK could be computed without
> > breaking some cryptographic assumption, such as inverting a one-way
> > function."
> >
> >
> >
> >
> 
> 
> -- 
> ------------------------------------------------------
> Rafael Marin Lopez
> Faculty of Computer Science-University of Murcia
> 30071 Murcia - Spain
> Telf: +34968367645    e-mail: rafa [at] dif.um.es
> ------------------------------------------------------
> 

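The boundary described in Joe's reply, as an added example that is not part of the original thread or of the draft under discussion: the EMSK stays inside the peer or server, and the lower layer receives only the MSK and keys derived from the EMSK through a one-way function. The HMAC-SHA-256 expansion, the label strings, the `EapKeyState` class and the sample key bytes are assumptions made for illustration.

```python
import hashlib
import hmac


def derive_from_emsk(emsk: bytes, label: str, length: int = 64) -> bytes:
    """Derive a label-bound child key from the EMSK.

    Assumption: HMAC-SHA-256 feedback expansion, chosen for illustration.
    """
    if len(emsk) < 64:
        raise ValueError("EMSK is at least 64 octets")
    if not label or "\0" in label:
        raise ValueError("label must be non-empty and contain no NUL")
    if not 0 < length <= 255 * 32:
        raise ValueError("length out of range")
    # The label and output length are bound into every block, so keys for
    # different usages are computationally independent of each other.
    seed = label.encode("ascii") + b"\0" + length.to_bytes(2, "big")
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(emsk, block + seed + bytes([counter]),
                         hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


class EapKeyState:
    """Hypothetical holder of EAP method output inside the peer or server."""

    def __init__(self, msk: bytes, emsk: bytes):
        self._msk, self._emsk = msk, emsk

    def keys_for_lower_layer(self, label: str) -> dict:
        # The lower layer receives the MSK and a derived key; the EMSK
        # itself never crosses this boundary.
        return {"msk": self._msk,
                "derived": derive_from_emsk(self._emsk, label)}


# Constructed sample keys (not real key material).
SAMPLE_MSK = hashlib.sha512(b"constructed sample MSK").digest()
SAMPLE_EMSK = hashlib.sha512(b"constructed sample EMSK").digest()

if __name__ == "__main__":
    state = EapKeyState(SAMPLE_MSK, SAMPLE_EMSK)
    for usage in ("handoff@example.org", "bootstrap@example.org"):
        print(usage, state.keys_for_lower_layer(usage)["derived"].hex()[:32])
```

Recovering the EMSK from any exported value would require inverting HMAC-SHA-256, which is the kind of cryptographic assumption the quoted change text refers to.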