eap Mailing List: RE: Strawman -10

[Nakhjiri Madjid-MNAKHJI1 (Madjid.Nakhjiri]

 > The difference is subtle, but potentially important for issues such
as 
> crypto-agility.  Allowing the lower layer to obtain the EMSK enables 
> the lower layer to negotiate the PRFs used in AMSK generation, whereas

> this is not possible if AMSK generation is handled in the EAP layer.  
> It also maintains backward compatibility so that a lower layer using 
> the AMSK can be introduced without requiring changes to existing EAP 
> implementations.
> 
> As long as the EAP peer does not need to be aware of whether the 
> authenticator is configured in standalone or pass-through mode, I 
> think that the requirements of mode independence have been met.

[Joe] This worries me.  It ties the key derivation to the lower layer,
which could be problematic.  A goal of the EMSK to AMSK derivation is to
contain the problem of a misbehaving lower layer to the lower layer
itself.  A lower layer that determines the key derivation algorithm
conflicts with this goal.  What happens if there are multiple AMSKs
being derived for different purposes? Who decides the KDF?   


I think I would prefer to see a default KDF specified with the
capability of an EAP method to override it with a KDF of its own.  

Madjid>> Are you saying all EMSK-AMSK generations will have to follow
the same KDF defined based on EAP method? And ruling out use of
different KDFs for different AMSKs?


_________________________________________________________________
To unsubscribe or modify your subscription options, please visit:
http://lists.frascone.com/mailman/listinfo/eap

Arhives: http://lists.frascone.com/pipermail/eap