Re: Strawman -10/EMSK deletion requirement?
From: Jari Arkko (jari.arkkopiuha.net)
Date: Sun, 12 Mar 2006 14:23:57 -0800 (PST)
Rafa Marin Lopez wrote:

>> So the conclusion is that the EMSK is kept somewhere
>> between the EAP method and AAA transport layers.
>
> So far, between EAP methods and AAA transport layers (AAA server??) we
> have EAP authenticator layer and EAP layer. And as specified in
> draft-ietf-eap-keying-10.txt, both layers cannot cache anything. I
> think it does not preclude the use of EMSK but it establishes limits
> to the creation of AMSK. That is, the AMSK should be created just in
> the moment the EMSK is exported. If EMSK wants to be cached, that part
> of text should be relaxed, no?

I think so.

> I have seen during discussions and also under my understanding of
> draft-aboba-eap-keying-extns-00.txt that either 1) AMSK would be
> transported from AAA server to some entity or 2) AMSK could be used as
> a root and cached by the AAA server to derive new keys which would be
> eventually transported to different entities.
>
> Will that decision between both cases be specified for application? Or
> would it be better to select one approach (it seems people like second
> one)?

I think the practical approach would be to take one application and
specify how it's done for that. Other applications may later use the
same approach or something else, if their requirements differ.

--Jari


