Re: [Fwd: Re: hopefully final changes for draft-ietf-eap-keying]
From: Bernard_Aboba (Bernard_Abobahotmail.com)
Date: Wed, 14 Nov 2007 11:29:10 -0800 (PST)
Well, if one parses the above 3 sentences with _session keys_ in mind it is possible.

The definition of "keying material" in RFC 4962 is the same as in the EKMF document -- it refers to EAP keying material as well as session keys and intermediate keys.

In reading these paragraphs, I don't believe they prohibit a fast
reauthentication exchange where the new authenticator obtains
from the AAA server a key that is cryptographically separate from a previous
key given to the old authenticator.

Since compromise of one authenticator would not result in compromise of
another one, I don't think that this would run afoul of any statements in
RFC 4962 or the EKMF (related to key sharing or otherwise).

