eap Mailing List: RE: Strawman -10/EMSK deletion requirement?

[Salowey, Joe (jsalowey]

<snip>
> > 
> > Hmmm. If an application requires more than one key, would 
> > there really be a case where creation of a root AMSK and 
> > subsequent keys from that root AMSK not work? I'm wondering 
> > why you need to create multiple AMSKs for the same 
> > application directly from the EMSK. I'd personally like to 
> > have no more than one key coming out of the EMSK for the same 
> > key label (unique per application) in AMSK derivation. 
> 
> Lets get to right down to the label(s).  If I have an 
> application called
> foo, can I generate two AMSKs as follows:
> 
> AMSK-FOO-A = KGF(EMSK,"FOO-A" | ......)
> AMSK-FOO-B = KGF(EMSK,"FOO-B" | ......)
> 
> I don't know why an application FOO would like to do this.  Maybe FOO
> application is really two applications.    
> 
> But the point is, from a security perspective why does it matter?
> 
[Joe] As long as there is not caching required between AMSK-FOO-A and
AMSK-FOO-B, I'm not sure it really matters. The argument against it is
that it may encourage caching and there really isn't a reason why you
couldn't derive the two keys lower in the hierachy (except perhaps for
efficiency).  For what its worth in the original EMSK usage draft
(http://bgp.potaroo.net/ietf/all-ids/draft-salowey-eap-key-deriv-02.txt)
we had the following prototype for the KDF:

AMSK = KDF(EMSK, key label, optional application data, length