Re: Proposed Resolution to Issue 362: Lower layer parameters and EMSK text
From: Bernard Aboba (bernard_aboba
Date: Sat, 24 Jun 2006 14:08:43 -0700 (PDT)
Vidya said:
"> As noted in [RFC3748] Section 7.10:
The EMSK is reserved for future use and MUST remain on the EAP peer and EAP server where it is derived; it MUST NOT be transported to, or shared with, additional parties, or used to derive any other keys."
Are we sticking to this rule that the EMSK MUST NOT be used to derive any other keys? Given that there is agreement in general about potential derivation of keys from the EMSK, what implications does this text have to future documents specifying derived keys from the EMSK?"
[BA] Since this is a quotation from [RFC3748] rather than anything created in this document, we can delete the quote. Don't think it adds much anyway.
[Vidya]
On the EAP server, keying material and parameters requested by and passed down to the AAA layer may be replicated to the AAA layer on the authenticator.
I understand what the above is trying to say - however, this does conflict with the fact that the EMSK MUST NOT be transported to the authenticator (even though it may be passed down to the AAA layer on the server). I wonder if some clarification is necessary to avoid confusion.
[BA] How about this?
"On the EAP server, keying material and parameters requested by and passed down to the AAA layer may be replicated to the AAA layer on the authenticator (with the exception of the EMSK)."