RE: Re: m.getKey() and RFC 4137
From: Bernard Aboba (Bernard_Abobahotmail.com)
Date: Fri, 17 Mar 2006 11:03:40 -0800 (PST)
> So from what I can tell, RFC 4137 requires that all keying 
> parameters be transferred as a unit.  This assumption 
> permeates the entire document, as well as lower layer 
> standards that are based on it.
> 
> Given this, I wonder whether the horse hasn't already left the barn.
> 

Vidya said:

"Are you saying then that in accordance with 4137, the EMSK will also be
delivered to the AAA layer on the EAP server?"

That's how I read it, yes.  The keying material and parameters are passed
via the eapKeyData structure to the lower layer (which would be the AAA
layer on the EAP server when in passthrough mode), via the m.getKey()
function.  The AAA layer then fills in the aaaEapKeyData structure and
passes this to the authenticator.  While both eapKeyData and aaaEapKeyData
are of type "EAP Key", there doesn't appear to be a presumption that they are
the same.  So the AAA layer could receive the EMSK, but not pass it to the
authenticator.
