RE: Strawman -10

From: Salowey, Joe (jsalowey
Date: Tue, 31 Jan 2006 17:24:52 -0800 (PST)

> -----Original Message-----
> From: Rafa Marin Lopez [mailto:rafa [at] dif.um.es]
> Sent: Tuesday, January 31, 2006 1:47 PM
> To: Salowey, Joe
> Cc: Bernard Aboba; eap [at] frascone.com
> Subject: Re: [eap] Strawman -10
>
> >>I see. But I was wondering for example in the case of standalone
> >>authenticator : will only MSK be available to lower layer as usual or
> >>both (MSK,EMSK) now?
> >
> >[Joe] In order to preserve mode independence the EMSK must not be
> >directly consumed by the lower layer. The lower layer must not require
> >direct access to the EMSK to function. However, the lower layer may
> >rely upon keys derived from the EMSK.
> >
> Then my question is what layer is going to derive keys (i.e. AMSK) from
> EMSK? EAP layer?.

[Joe] I would say the EAP layer (if there is such a thing). If you don't like the EAP layer then it would be something like an EMSK management layer or component. Not the lower layer.

> >>Thanks.
> >>
> >>--------------------------------------------------------------
> >>>Change
> >>>
> >>>"The EMSK MUST NOT be provided to the lower layer, nor is it permitted
> >>>to pass any quantity to the lower layer from which the EMSK could be
> >>>computed without breaking some cryptographic assumption, such as
> >>>inverting a one-way function."
> >>>
> >>>To
> >>>
> >>>"The EMSK MUST NOT be provided to an entity outside the EAP server or
> >>>peer, nor is it permitted to pass any quantity to an entity outside
> >>>the EAP server or peer from which the EMSK could be computed without
> >>>breaking some cryptographic assumption, such as inverting a one-way
> >>>function."
> >>
> >>--
> >>------------------------------------------------------
> >>Rafael Marin Lopez
> >>Faculty of Computer Science-University of Murcia
> >>30071 Murcia - Spain
> >>Telf: +34968367645 e-mail: rafa [at] dif.um.es
> >>------------------------------------------------------
>
> --
> ------------------------------------------------------
> Rafael Marin Lopez
> Faculty of Computer Science-University of Murcia
> 30071 Murcia - Spain
> Telf: +34968367645 e-mail: rafa [at] dif.um.es
> ------------------------------------------------------
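
The layering rule discussed in this message, as an added Python sketch that is not part of the original thread or of any EAP specification: a component inside the EAP peer or server holds the EMSK, hands only the MSK to the lower layer, and gives other consumers keys derived from the EMSK through a one-way function. The names EapKeyManager, kdf and derive_amsk, the HMAC-SHA-256 expansion and the example labels are all assumptions made for illustration; the thread does not specify a derivation function.

```python
import hashlib
import hmac
import os


def kdf(key: bytes, label: bytes, length: int) -> bytes:
    """Assumed KDF: HMAC-SHA-256 feedback loop bound to a label and length."""
    seed = label + b"\x00" + length.to_bytes(2, "big")
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(key, block + seed + bytes([counter]),
                         hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


class EapKeyManager:
    """Hypothetical 'EMSK management' component inside the EAP peer/server."""

    def __init__(self, msk: bytes, emsk: bytes):
        if len(msk) < 64 or len(emsk) < 64:
            raise ValueError("MSK and EMSK are at least 64 octets each")
        self._msk = msk
        self._emsk = emsk  # held here only; no method returns it

    def export_to_lower_layer(self) -> dict:
        # Only the MSK crosses the EAP / lower-layer boundary.
        return {"MSK": self._msk}

    def derive_amsk(self, application_label: str, length: int = 64) -> bytes:
        # One-way derivation: recovering the EMSK from the result would
        # require inverting HMAC-SHA-256.
        if not application_label:
            raise ValueError("an application label is required")
        return kdf(self._emsk, application_label.encode(), length)


def demo() -> dict:
    msk, emsk = os.urandom(64), os.urandom(64)  # constructed sample keys
    mgr = EapKeyManager(msk, emsk)
    exported = mgr.export_to_lower_layer()
    a = mgr.derive_amsk("handover@example.org")    # hypothetical labels
    b = mgr.derive_amsk("service-x@example.org")
    return {"exported_names": sorted(exported),
            "emsk_leaked": emsk in (a, b, *exported.values()),
            "amsk_independent": a != b,
            "amsk_len": len(a)}
```
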