eap Mailing List: RE: Strawman -10/EMSK deletion requirement?

[Narayanan, Vidya (vidyan]

> 
> See inline please.... 
> 
> > > 
> > > Yes. To get the AMSK or derivative keys from the AAA server. 
> > > But not between the AAA server and the EAP-Authentication Server.
> > > 
> > > Note, if I can remember correctly someone wanted to specify
> > a protocol
> > > to get the AMSK from the EMSK.
> > > 
> > 
> > How often do we have an EAP server not co-located with the 
> AAA server?
> 
> Well in one SDO activitiy that I am working on there is a 
> case where the EAP-Server is not deployed with the AAA-server 
> for some fo the cases.
> It is however co-located with the NAS.
> 

Is a AAA-server separately deployed in this case and does the EAP server
contact the AAA server to authenticate the peer? 

I guess we can say that a protocol may be needed when the NAS is not in
pass through mode? 

> > When they are co-located, a protocol isn't really required. 
> 
> I agree.
> 
> > When they are not, I can see a need - but, from a practical 
> use case 
> > perspective, I feel that such a protocol would find very 
> limited use.
> 
> I agree with you. But I wouldn't discount it either.  My 
> approach is to allow for that -- and certainly it is allowed 
> and then solve the problem when someone can actually 
> demonstrate a need. Or let them solve the problem ;-)
> 

I like the latter :)