eap Mailing List: Re: Issue: section 2.1 AAA key caching

[Lakshminath Dondeti (ldondeti]

Hi Joe,

I don't understand the last sentence: "If the AAA layer does cache an 
MSK then the use of TSKs derived from the MSK MUST prevent key reuse. "

The rest of the text looks good and covers the robustness 
considerations you bring up.

regards,
Lakshminath

At 02:25 PM 5/2/2006, Salowey, Joe wrote:
> Submitter name: Joe Salowey
> Submitter email address: jsalowey [at] cisco.com
> Date first submitted: 05/02/06
> Reference:
> Document: Keying Framework
> Comment type:  T
> Priority:  2
> Section: 2.1
> Rationale/Explanation of issue:
>
> The Current draft states that keys may not be cached once transported. I
> am wondering if this is too restrictive.  Perhaps keys will be cached
> for session recovery and availability purposes.
>
> Suggested Text:
>
>  "In order to avoid key reuse, the AAA layer SHOULD delete transported
>   keys once they are sent.  The AAA layer SHOULD NOT retain keys that
>   it has previously sent.  For example, a AAA layer that has
>   transported the MSK SHOULD delete it.  If the AAA layer does cache an
> MSK
>   then the use of TSKs derived from the MSK MUST prevent key reuse. "
>
> _________________________________________________________________
> To unsubscribe or modify your subscription options, please visit:
> http://lists.frascone.com/mailman/listinfo/eap
>
> Arhives: http://lists.frascone.com/pipermail/eap