Re: About use of EMSK
From: Jari Arkko (jari.arkko
Date: Sun, 5 Mar 2006 13:12:16 -0800 (PST)
Rafa Marin Lopez wrote:
> Clarified this point. In your answer you specify "only" lower layer. Did you forget to include AAA layer? Or do you think AAA layer might receive EMSK?
> [Joe] The EMSK MUST NOT be exported to the lower layer.
Ignoring the definition problems with layers for a while, I think we know the external behaviour we want. We want:
- Avoid L2 design, implementation, or node compromise problems causing the compromise of other L2 networks. Or compromise of one application of EAP keys leading to the compromise of others.
- Allow crypto-agility for the function used in the key derivation.
- Allow different keys to be used for different attachments, without keys 2, 3, ... being based on key 1, which is what we would have to do with MSK.
- Make it possible to use existing EAP methods.
One way of approaching this is to have the EAP server/AAA server keep the EMSK, and provide AMSKs for various purposes. Another is giving the EMSK to the lower layer, but dictating something about its use.
--Jari
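
The first approach in the message above (the EAP/AAA server keeps the EMSK and hands out AMSKs per purpose), sketched as an added example that is not code from the thread or from any EAP specification. It assumes HKDF-Expand (RFC 5869) as a stand-in for the unspecified key derivation function; the function names and the labels `wlan-link`, `vpn-app`, `ap-1` and `ap-2` are hypothetical.

```python
import hashlib
import hmac


def expand(key: bytes, info: bytes, length: int, hash_name: str = "sha256") -> bytes:
    """HKDF-Expand (RFC 5869) over the named hash; stand-in for the thread's KDF."""
    digest_size = hashlib.new(hash_name).digest_size
    if length > 255 * digest_size:
        raise ValueError("requested key too long for this hash")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(key, block + info + bytes([counter]), hash_name).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_amsk(emsk: bytes, usage: str, attachment: str,
                length: int = 32, hash_name: str = "sha256") -> bytes:
    """Derive one AMSK directly from the EMSK; the EMSK itself never leaves the server."""
    if len(emsk) < 64:
        raise ValueError("EMSK is at least 64 octets (RFC 3748)")
    fields = [usage.encode(), attachment.encode(), hash_name.encode()]
    # Length-prefix each field so ("ab", "c") and ("a", "bc") give different inputs.
    info = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    info += length.to_bytes(2, "big")
    return expand(emsk, info, length, hash_name)


if __name__ == "__main__":
    emsk = bytes(range(64))  # constructed sample; a real EMSK comes from the EAP method
    keys = {
        # Separate usages: compromise of one key says nothing about the other.
        "wlan-link/ap-1": derive_amsk(emsk, "wlan-link", "ap-1"),
        "vpn-app/ap-1": derive_amsk(emsk, "vpn-app", "ap-1"),
        # Second attachment: derived from the EMSK, not chained from the ap-1 key.
        "wlan-link/ap-2": derive_amsk(emsk, "wlan-link", "ap-2"),
        # Crypto-agility: swapping the hash yields an unrelated key for the same labels.
        "wlan-link/ap-1 (sha384)": derive_amsk(emsk, "wlan-link", "ap-1", hash_name="sha384"),
    }
    for name, key in keys.items():
        print(f"{name:26s} {key.hex()}")
```
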