Re: Issue: Use of a label in derivation of keys from the MSK
From: Bernard_Aboba (Bernard_Abobahotmail.com)
Date: Thu, 22 Nov 2007 16:59:55 -0800 (PST)
> If we are to do this, we should summarize all the known uses of the MSK:
> In some cases it is used for deriving traffic keys and in other cases,
> traffic keys along with other MSK-equivalent keys.

Not sure what "MSK-equivalent" means here. Can you explain?

> Some specifications
> achieve key separation by using different parts of the MSK for different
> purposes and use key labels for key separation thereafter.

Can you give an example of an EAP lower layer that does this? IEEE 802.11i, r
and 16e all use a portion of the MSK (PMK) as a root and don't use the rest.
I think they do this to enable future key hierarchy extensions.

> Others use labels alone for key separation.

802.11i, 11r, and 1af would fall into this category.

> The MSK is also used as a substitute for LTCs in the IKEv2 context.

Yes.

> Given the complexity of the state of affairs, a simple statement along
> the lines of "use key labels for key separation" is not really accurate.

The document already describes existing practices, so the
issue is not really "accuracy". The issue is having advice
that could have guided the PANA protocol specification
(where there was no root key derived from the MSK, and also
no label used, so that cryptographically separate branches
could not be created).
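
The three practices discussed in this thread (separation by MSK offset, separation by label under a root key, and neither), as an added Python illustration that is not part of the original message or of any specification. The HMAC-SHA-256 expansion, the label strings and the 64-octet MSK value are assumptions made for the example; each real lower layer defines its own KDF and labels.

```python
import hashlib
import hmac


def kdf(key: bytes, label: str, context: bytes = b"", length: int = 32) -> bytes:
    """HKDF-Expand-style expansion over HMAC-SHA-256 (assumed KDF for this example)."""
    info = label.encode() + b"\x00" + context
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(key, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


# Constructed 64-octet MSK; a real one is exported by the EAP method.
MSK = bytes(range(64))


def split_by_offset(msk: bytes) -> dict:
    """Separation by position: each usage takes a different part of the MSK."""
    return {"usage-a": msk[:32], "usage-b": msk[32:64]}


def split_by_label(msk: bytes) -> dict:
    """Separation by label: a labelled root key, then labelled branches under it."""
    root = kdf(msk, "example-root-key")            # hypothetical label
    return {
        "root": root,
        "usage-a": kdf(root, "example-usage-a"),   # hypothetical label
        "usage-b": kdf(root, "example-usage-b"),   # hypothetical label
    }


def no_root_no_label(msk: bytes) -> dict:
    """No root key and no label: both usages are keyed with the same octets."""
    return {"usage-a": msk[:32], "usage-b": msk[:32]}


if __name__ == "__main__":
    schemes = [("offset", split_by_offset), ("label", split_by_label),
               ("no root, no label", no_root_no_label)]
    for name, scheme in schemes:
        keys = scheme(MSK)
        separated = keys["usage-a"] != keys["usage-b"]
        print(f"{name}: branches {'separate' if separated else 'NOT separate'}")
```

With labels, a new usage can be added later under the same root without touching the existing branches; with offsets alone, the number of usages is bounded by the MSK length.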

