RE: Strawman -10

From: Salowey, Joe (jsalowey
Date: Wed, 1 Feb 2006 21:18:12 -0800 (PST)

> -----Original Message-----
> From: Bernard Aboba [mailto:bernard_aboba [at] hotmail.com]
> Sent: Wednesday, February 01, 2006 9:45 AM
> To: yohba [at] tari.toshiba.com; Salowey, Joe
> Cc: eap [at] frascone.com
> Subject: Re: [eap] Strawman -10
>
> >The channel-binding draft allows KDF to be provided by an EAP method
> >while still satisfying the requirements of mode independence.
>
> Do we really want to require EAP methods to support KDFs in order to
> enable the lower layer to generate keys from the EMSK? That would mean
> that existing EAP methods wouldn't be usable on some lower layers.
> One of the major advantages of EAP is the ability to support many
> lower layers.
>

[Joe] Why wouldn't existing EAP methods be usable on some lower layers? If the KDF is not acceptable then the EAP method probably isn't either.

Perhaps we can define an IANA registry of KDFs. An implementation SHOULD/MUST support a default one and MAY support others. The lower layer can negotiate between the supported KDFs. The KDF function prototype would need to have a parameter that selects the KDF to use and there would need to be a way to query for supported KDFs. It seems like this could be carried in the AAA messaging if necessary. This seems a little complex but I think it achieves what you want.
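
The selectable-KDF interface proposed in the reply above, as an added example that is not part of the original message or of any EAP specification. The registry ids, function names, label and the use of HKDF-Expand (RFC 5869) as the KDF are assumptions made for illustration.

```python
import hashlib
import hmac

# Hypothetical registry: these ids are constructed for the example and are
# not IANA-assigned values.
KDF_REGISTRY = {
    1: ("hkdf-expand-sha256", hashlib.sha256),
    2: ("hkdf-expand-sha512", hashlib.sha512),
}
DEFAULT_KDF = 1  # assumed mandatory-to-implement default


def supported_kdfs():
    """Query interface: KDF ids this implementation can compute."""
    return sorted(KDF_REGISTRY)


def derive_key(kdf_id, emsk, label, length):
    """KDF prototype with a selector parameter (HKDF-Expand keyed by EMSK)."""
    if kdf_id not in KDF_REGISTRY:
        raise ValueError(f"unsupported KDF id {kdf_id}")
    digest = KDF_REGISTRY[kdf_id][1]
    if not 0 < length <= 255 * digest().digest_size:
        raise ValueError("invalid output length")
    out, block, counter = b"", b"", 1
    while len(out) < length:
        # T(i) = HMAC(key, T(i-1) || label || i)
        block = hmac.new(emsk, block + label + bytes([counter]), digest).digest()
        out += block
        counter += 1
    return out[:length]


def negotiate(lower_layer_prefs, method_supported):
    """Return the first KDF in the lower layer's preference order that the
    EAP method side also supports; fail closed when there is none."""
    for kdf_id in lower_layer_prefs:
        if kdf_id in method_supported:
            return kdf_id
    raise LookupError("no KDF in common")


if __name__ == "__main__":
    emsk = bytes(range(64))  # constructed 64-octet EMSK, not a real key
    chosen = negotiate([2, DEFAULT_KDF], supported_kdfs())
    key = derive_key(chosen, emsk, b"example-lower-layer", 32)
    print(chosen, key.hex())
```

Failing closed in `negotiate` matters: silently falling back to a KDF the peer never offered would let the two sides derive different keys or accept a weaker function than policy allows.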