RE: Strawman -10/EMSK deletion requirement?

From: Nakhjiri Madjid-MNAKHJI1 (Madjid.Nakhjiri
Date: Fri, 3 Mar 2006 15:17:28 -0800 (PST)
> Thanks for the email. I think you responded to the old piece of the
> email from Rafa and I am to blame for causing that confusion, as I
> kept that part to provide context.
> Again, my question was why an entity needs to delete EMSK after
> generating the first AMSK (or first set of AMSKs?)? This seems to be
> the requirement regardless of two options:
>
> 1) keep EMSK at EAP layer, create AMSK at EAP layer based on request from
> AAA layer, delete EMSK immediately (this means EAP layer must have
> KDFs for AMSK=KDF(EMSK, etc))
> 2) push EMSK down to AAA layer at backend server, create AMSK at AAA
> layer and delete EMSK immediately (this means AAA layer must have
> KDFs)
>
> [Joe] If the AAA layer contains the AAA client and AAA server then the
> EMSK should not be available to this layer; if the AAA layer means
> something else then I don't know about (1). The AMSK should be
> generated in the EAP and exported, option (2).

Madjid>> I guess the number of people who are not sure about the definition
of AAA layer is more than one :) Joking aside, what is your reason for not
making EMSK available to the lower layer, while doing so for MSK is OK?
What is the fundamental difference?

> In both cases we require deletion of EMSK after generation of AMSK,
> why?
>
> [Joe] To minimize the chance of exposure of the EMSK. Why do you need
> to cache it? Could you generate and cache an AMSK instead?

Madjid>> Because a priori I cannot know how many AMSKs I may need later.
An application may pop up later that needs keying, or I move to a
different domain that may require a new AMSK, but I cannot anticipate the
move ahead of time...

> Thanks,
>
> Madjid
>
> -----Original Message-----
> From: Salowey, Joe [mailto:jsalowey [at] cisco.com]
> Sent: Wednesday, March 01, 2006 5:17 PM
> To: Nakhjiri Madjid-MNAKHJI1; Rafa Marin Lopez; Bernard Aboba
> Cc: eap [at] frascone.com
> Subject: RE: [eap] Strawman -10
>
> > -----Original Message-----
> > From: Nakhjiri Madjid-MNAKHJI1 [mailto:Madjid.Nakhjiri [at] motorola.com]
> > Sent: Wednesday, March 01, 2006 2:38 PM
> > To: Rafa Marin Lopez; Bernard Aboba
> > Cc: eap [at] frascone.com
> > Subject: RE: [eap] Strawman -10
> >
> > Madjid>> Again, why is deletion of EMSK after generation of one AMSK a
> > requirement? What if we need to create multiple AMSKs, and that at
> > multiple occasions?
> >
> > Well, actually, lower layer authenticator implementation should expect
> > (MSK,EMSK) in the case EAP method is executed by the standalone
> > authenticator or (MSK,AMSK) in the case EAP method is executed by
> > backend authentication server. If it receives (MSK,EMSK) it should
> > create AMSK and delete EMSK. If it receives (MSK,AMSK), that's all,
> > correct?
>
> [Joe] Not really, strictly speaking the lower layer shouldn't expect
> to receive the EMSK as that would break mode independence. An
> architectural description should not have the lower layer receiving
> the keys. From a supplicant perspective it must appear the same
> whether an external EAP-Server or a collocated EAP server is used.
> Now I don't know what is going on inside your box, it could all be
> monolithic when an internal EAP server is used but that shouldn't be
> visible to the external world. If I was interested in cryptographic
> module separation I might not be too happy if you shared the EMSK with
> the lower layer.
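The two handling policies debated in this message (keep the EMSK at the layer that owns it and derive AMSKs on demand, versus derive the first AMSK and delete the EMSK immediately), as an added example that is not part of the list thread or of the strawman draft. The KDF (HMAC-SHA-256 in counter mode, bound to a key label, optional data and output length), the 64-byte EMSK, the labels `app-A` and `app-B`, and the class and function names `kdf`, `zeroise`, `KeepEmsk` and `derive_with_policy` are all my assumptions, not anything the draft specifies.

```python
# Added example, not code from the eap list thread or the strawman draft.
# Assumptions (mine): the KDF is HMAC-SHA-256 in counter mode keyed by the
# EMSK and bound to (label, optional data, output length); the EMSK is 64
# bytes; key material lives in bytearrays so it can be zeroised in place.
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional, Tuple


def kdf(key: bytes, label: bytes, data: bytes = b"", length: int = 64) -> bytes:
    """Counter-mode KDF (assumed construction):
    block_i = HMAC-SHA-256(key, i || label || 0x00 || data || length)
    and the output is the first `length` bytes of block_1 || block_2 || ..."""
    if not 0 < length <= 255 * 32:
        raise ValueError("length out of range for a one-byte counter")
    out = b""
    for counter in range(1, (length + 31) // 32 + 1):
        msg = bytes([counter]) + label + b"\x00" + data + length.to_bytes(2, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
    return out[:length]


def zeroise(buf: bytearray) -> None:
    """Overwrite a key buffer in place and empty it (best effort in CPython)."""
    for i in range(len(buf)):
        buf[i] = 0
    del buf[:]


class KeepEmsk:
    """The EMSK stays with the layer that derived it; AMSKs are derived on
    request for as long as the EMSK has not been deleted."""

    def __init__(self, emsk: bytes) -> None:
        self._emsk = bytearray(emsk)

    def amsk(self, label: bytes, data: bytes = b"") -> bytes:
        if not self._emsk:
            raise KeyError("EMSK has already been deleted")
        return kdf(bytes(self._emsk), label, data)

    def delete_emsk(self) -> None:
        zeroise(self._emsk)


def derive_with_policy(
    emsk: bytes, first_labels: Iterable[bytes], later_label: bytes, delete_after_first: bool
) -> Tuple[Dict[bytes, bytes], Optional[bytes]]:
    """Derive the first set of AMSKs, optionally delete the EMSK at once (the
    strawman requirement as read in the thread), then try to derive one more
    AMSK later. Returns (first AMSKs, later AMSK or None if it cannot be made)."""
    holder = KeepEmsk(emsk)
    first = {label: holder.amsk(label) for label in first_labels}
    if delete_after_first:
        holder.delete_emsk()
    try:
        later: Optional[bytes] = holder.amsk(later_label)
    except KeyError:
        later = None
    return first, later


if __name__ == "__main__":
    emsk = os.urandom(64)  # constructed stand-in for a method-exported EMSK
    first, later = derive_with_policy(emsk, [b"app-A"], b"app-B", delete_after_first=False)
    print("keep EMSK: later AMSK available:", later is not None)
    first, later = derive_with_policy(emsk, [b"app-A"], b"app-B", delete_after_first=True)
    print("delete after first: later AMSK available:", later is not None)
```

With the EMSK kept, `app-B` can be keyed at any later time and re-derivation is deterministic, so nothing but the EMSK needs to be cached; with the EMSK deleted after the first derivation, only the cached `app-A` key survives, and that key cannot stand in for the EMSK when a new application or domain turns up, which is the trade-off the message weighs against the exposure argument.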
- RE: Strawman -10/EMSK deletion requirement? Nakhjiri Madjid-MNAKHJI1, March 2 2006
- RE: Strawman -10/EMSK deletion requirement? Salowey, Joe, March 2 2006
- RE: Strawman -10/EMSK deletion requirement? Avi Lior, March 2 2006
- RE: Strawman -10/EMSK deletion requirement? Nakhjiri Madjid-MNAKHJI1, March 3 2006
- RE: Strawman -10/EMSK deletion requirement? Nakhjiri Madjid-MNAKHJI1, March 3 2006
- Re: Strawman -10/EMSK deletion requirement? Jari Arkko, March 5 2006
- RE: Strawman -10/EMSK deletion requirement? Avi Lior, March 5 2006
- RE: Strawman -10/EMSK deletion requirement? Salowey, Joe, March 6 2006