eap Mailing List: RE: Re: m.getKey() and RFC 4137

[Salowey, Joe (jsalowey]

> -----Original Message-----
> From: Bernard Aboba [mailto:Bernard_Aboba [at] hotmail.com] 
> Sent: Friday, March 17, 2006 1:42 PM
> To: 'Narayanan, Vidya'; eap [at] frascone.com
> Subject: RE: [eap] Re: m.getKey() and RFC 4137
> 
> Vidya said:
> 
> "I wonder if we are restricted in defining the behavior of 
> the EMSK based
> on a spec that did not consider EMSKs to begin with? It may be that we
> would conclude it is okay to pass the EMSK to the AAA layer - but,
> should we be constrained by 4137 though?" 
> 
> RFC 4137 treats keying material as a *structure* not a single 
> variable, so
> that all the keying material and parameters are passed to the 
> lower layer at
> the same time.  This would not have been necessary if the 
> document only
> meant to deal with the MSK. Since RFC 4137 references the key 
> frame work
> document as well as RFC 3748, it cannot be claimed that it 
> was unaware of
> the key management document, which until -09 included passing 
> of the EMSK to
> the lower layer. 
> 
[Joe] Awareness and having a good understanding of it are two different
things.  I think we have made much progress in understanding in
discussions since RFC 3748 (which reserves the EMSK for future use) and
RFC 4137 (which doesn't mention the EMSK at all). Basing a decision on
what is loosely captured in RFC 4137 would be short sighted.  I don't
think these documents should be interpreted as encourage or discourage
passing the EMSK to various places.