Re: [Fwd: Re: hopefully final changes for draft-ietf-eap-keying]
From: Dan Harkins (dharkinslounge.org)
Date: Wed, 14 Nov 2007 12:09:44 -0800 (PST)
  Hi Bernard,

  Yes that sounds like another valid parsing of that text. And I
note that such a parsing doesn't cover the case of an authenticator
taking a key it received from a AAA server, running some "key derivation
function" on it and sending the derived key to a distinct authenticator.

  Dan.

On Wed, November 14, 2007 11:29 am, Bernard_Aboba [at] hotmail.com wrote:
>> Well, if one parses the above 3 sentences with _session
>> keys_ in mind it is possible.
>
> The definition of "keying material" in RFC 4962 is the same as in the
> EKMF document -- it refers to EAP keying material as well as session keys
> and intermediate keys.
>
> In reading these paragraphs, I don't believe they prohibit a fast
> reauthentication exchange where the new authenticator obtains
> from the AAA server a key that is cryptographically separate from a
> previous
> key given to the old authenticator.
>
> Since compromise of one authenticator would not result in compromise of
> another one, I don't think that this would run afoul of any statements in
> RFC 4962 or the EKMF (related to key sharing or otherwise).
>
>


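The two key-distribution patterns contrasted in this exchange (a AAA server handing each authenticator its own cryptographically separate key, versus an authenticator running a KDF over a key it already holds and forwarding the result to another authenticator) can be made concrete. The following is an added illustration, not code from the thread, the EAP keying draft or RFC 4962; it uses HKDF-SHA256 from RFC 5869 as a generic KDF, and the label string, authenticator identifiers and root key are constructed for the demonstration rather than taken from any specification. It shows why the second pattern has the property Dan points out: whoever holds the forwarding authenticator's key can recompute every key it forwarded.

```python
import hmac
import hashlib

LABEL = b"authenticator-key"  # constructed label for this example, not an RFC-defined usage string


def hkdf_expand(prk, info, length=32):
    """RFC 5869 HKDF-Expand with HMAC-SHA256."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def hkdf(ikm, salt, info, length=32):
    """RFC 5869 HKDF (extract then expand) with HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    return hkdf_expand(prk, info, length)


def aaa_server_key_for(root_key, authenticator_id):
    """Pattern 1: the AAA server derives a per-authenticator key from a root key
    that no authenticator ever sees.  Distinct identifiers give distinct keys, and
    no authenticator's key is a function of another authenticator's key."""
    return hkdf(root_key, salt=b"", info=LABEL + b"\x00" + authenticator_id)


def forwarded_key(holder_key, target_id):
    """Pattern 2 (the case raised in the thread): an authenticator that already
    holds holder_key runs a KDF over it and hands the result to target_id."""
    return hkdf(holder_key, salt=b"", info=LABEL + b"\x00" + target_id)


def compromise_exposes(compromised_key, installed_keys):
    """Given a key recovered from one authenticator, return the ids of every other
    authenticator whose installed key can be recomputed from it by re-running the
    forwarding KDF.  An empty result means the compromise stays local."""
    return sorted(
        ident for ident, key in installed_keys.items()
        if forwarded_key(compromised_key, ident) == key
    )


if __name__ == "__main__":
    root = bytes(range(32))  # constructed root key held only by the AAA server
    ids = [b"authenticator-A", b"authenticator-B", b"authenticator-C"]

    # Pattern 1: every authenticator gets its own key straight from the AAA server.
    server_issued = {i: aaa_server_key_for(root, i) for i in ids}
    print("server-issued, A compromised, exposes:",
          compromise_exposes(server_issued[ids[0]], server_issued))  # []

    # Pattern 2: A derives keys for B and C from its own key and forwards them.
    key_a = server_issued[ids[0]]
    a_forwarded = {i: forwarded_key(key_a, i) for i in ids[1:]}
    print("A-forwarded, A compromised, exposes:",
          compromise_exposes(key_a, a_forwarded))  # [b'authenticator-B', b'authenticator-C']
```

The check in `compromise_exposes` is a dependency test, not a proof of secrecy: it simply asks whether a candidate key is a deterministic function of the compromised one under the forwarding KDF. Under the server-issued pattern that function never matches, because each key depends only on the root and its own identifier; under the forwarding pattern it matches every key the compromised authenticator produced, which is the cross-authenticator exposure RFC 4962's key-sharing guidance is meant to rule out.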