eap Mailing List

View Index by: Date - Thread - Author
RE: Issue: Child key expiry
From: Nakhjiri Madjid-MNAKHJI1 (Madjid.Nakhjirimotorola.com)
Date: Tue, 2 May 2006 14:13:06 -0700 (PDT) 
I like the last sentence. We need to allow future specs that derive keys
from EMSK to define their own key authorization/ life time policies.
However, given that EMSK is not exported, while MSK is and TSK are
derived from MSK, then the last sentence is probably best inserted
whenever EMSK is being described not here. 

Madjid

-----Original Message-----
From: Narayanan, Vidya [mailto:vidyan [at] qualcomm.com] 
Sent: Tuesday, May 02, 2006 1:00 AM
To: eap [at] frascone.com
Subject: [eap] Issue: Child key expiry 

    Submitter name: Vidya Narayanan
    Submitter email address: vidyan [at] qualcomm.com
    Date first submitted: 5/01/2006
    Reference: 
    Document: Keying Framework
    Comment type: 'T'echnical
    Priority: '2' May fix 
    Section: 3.3
    Rationale/Explanation of issue: 
This section states "When keying material exported by EAP methods
expires,  all keying
   material derived from the exported keying material expires, including
   the TSKs." This seems to indicate that the keys derived from the EMSK
will also be expired when the EMSK expires. It is not yet clear if this
would apply to all kinds of keys derived from the EMSK. There may be
classes of keys derived from the EMSK for which different lifetime
guidelines apply. So, it may be good to clarify that the EMSK usage
documents will specify the guidelines for EMSK-based child keys. 
    
    Requested change:

Change 

"When keying material exported by EAP methods expires,  all keying
   material derived from the exported keying material expires, including
   the TSKs." 

to 

"When keying material exported by EAP methods expires,  all keying
   material derived from the exported keying material expires, including
   the TSKs. Note that different lifetime guidelines may be specified in
future specifications for EMSK-based child keys."
_________________________________________________________________
To unsubscribe or modify your subscription options, please visit:
http://lists.frascone.com/mailman/listinfo/eap

Arhives: http://lists.frascone.com/pipermail/eap
  • Issue: Child key expiry Narayanan, Vidya, May 1 2006
    • RE: Issue: Child key expiry Nakhjiri Madjid-MNAKHJI1, May 2 2006

Results generated by Tiger Technologies using MHonArc.