eap Mailing List: Re: Strawman -10/EMSK deletion requirement?

[Jari Arkko (jari.arkko]

Avi,

I understand that you feel strongly about the need to use the EMSK
on a per-need basis. But I have some questions for you :-)

1. Ccan you explain what specific technical
problem do you encounter with the proposal that I outlined in
my e-mail, namely that you generate the AMSKs that you need,
and that those AMSKs can be kept around and used for further
generation of keys when the application in question needs more
than one?

Is it just the need to do unnecessary work for keys that
may not be needed for this session? Or is there some
functional difference?

2. Do you have a plan how to manage the cache at the AAA
server side, if there is no agreement a priori that EMSKs
and specific AMSKs are going to be needed?

3. Also, you wrote:

> I do agree that EMSK MUST ONLY BE USED for key derivation (AMSKs) and
>  
What specific purpose did you have in mind for the EMSK? Do you plan
to use the entire EMSK for some specific application you had in
mind? What if other applications want to use it too?

4. And you wrote

> MUST NOT be transported out of the EAP Authentication Server layer.
Ok. This is the issue that I wrote another e-mail about (the one with
choices 1a, 1b, 2a, and 2b) -- can you comment on that e-mail what
you want along with the rationale for your choice?

Thanks,

--Jari