eap Mailing List: RE: Strawman -10

[Salowey, Joe (jsalowey]

> -----Original Message-----
> From: Nakhjiri Madjid-MNAKHJI1 [mailto:Madjid.Nakhjiri [at] motorola.com] 
> Sent: Wednesday, March 01, 2006 2:38 PM
> To: Rafa Marin Lopez; Bernard Aboba
> Cc: eap [at] frascone.com
> Subject: RE: [eap] Strawman -10
> 
> Madjid>>Again, why is deletion of EMSK after generation of 
> one AMSK is a
> requirements. What if we need to create multiple AMSKs and that at
> multiple occassions?
> 
> 
> 
> Well, actually, lower layer authenticator implementation 
> should expect 
> (MSK,EMSK) in the case EAP method is executed by the standalone 
> authenticator or (MSK,AMSK) in the case EAP method is executed by 
> backend authentication server. If it receives (MSK,EMSK) 
> should create 
> AMSK and delete EMSK. If it receives (MSK,AMSK) , that's all, correct?

[Joe] Not really, strictly speaking the lower layer shouldn't expect to
receive the EMSK as that would break mode independence.  An
architectural description should not have the lower layer receiving the
keys. From a supplicant perspective it must appear the same whether an
external EAP-Server or a collocated EAP server is used.  Now I don't
know what is going on inside your box, it could all be monolithic when a
internal EAP server is used but that shouldn't be visible to the
external world.  If I was interested in cryptographic module separation
I might not be too happy if you shared the EMSK with the lower layer. 

> _________________________________________________________________
> To unsubscribe or modify your subscription options, please visit:
> http://lists.frascone.com/mailman/listinfo/eap
> 
> Arhives: http://lists.frascone.com/pipermail/eap
>