eap Mailing List: RE: Strawman -10/EMSK deletion requirement?

[Glen Zorn (gwz) (gwz]

Jari Arkko <mailto:jari.arkko [at] piuha.net> supposedly scribbled:

> Glen Zorn (gwz) wrote:
> 
>> Joseph Salowey (jsalowey) <> supposedly scribbled:
>> 
>> 
>> 
>>> The EMSK is the root of all AMSKs, so a compromise of the EMSK
>>> compromises all AMSKs.  Therefore I would like to see the EMSK
>>> protected as much as possible.  Once the EMSK is securely deleted
>>> it cannot be compromised. 
>>> 
>>> 
>> 
>> OK, but is that not equally true of Jari's proposed AMSK_root_0
>> approach? 
>> 
>> 
> The problem is that since EMSK is the root, its compromise will lead
> to the compromise of all derived keys. This also holds locally for
> the AMSK_root_0 approach. That is, if AMSK_root_0 is compromised then
> any keys derived from that root are compromised (but not keys in
> other apps).    

I guess I'm just confused, then (not a first!).  I thought that the major 
problem was that it is basically impossible to no which (if any) _applications_ 
a person would choose to use during a session.  If that is accurate, I can't 
really see how the AMSK_root_0 approach solves the problem.  If that's not the 
problem, what is?

> 
> --Jari

Hope this helps,

~gwz

Why is it that most of the world's problems can't be solved by simply
  listening to John Coltrane? -- Henry Gabriel