Thread: About use of EMSK

user name
2006-02-20 22:13:12
After the last discussions on strawman -10 (and those related to EMSK/AMSK in November), I am still trying to figure out which layer, as specified in Figure 3, would be intended to create more keys by using the MSK and EMSK exported by the EAP method.

In section 2.2 it is said:

"As illustrated in Figure 3, on completion of EAP authentication, EAP
   methods export the Master Session Key (MSK), Extended Master Session
   Key (EMSK), Peer-ID, Server-ID, Session-ID and Key-Lifetime to the
   EAP peer or authenticator layers.  The Initialization Vector (IV) is
   deprecated."

That is, the EMSK and MSK arrive at the next layer below the EAP method layer. Now the EMSK and MSK are in the EAP peer/authenticator layer. Following the next text:

   "The EAP peer and authenticator layers MUST NOT modify or cache keying
   material or parameters (including Channel Bindings) passing in either
   direction between the EAP method layer and the EAP layer."

it means the EMSK and MSK now arrive at the EAP layer... but

   "The EAP layer also MUST NOT cache keying material or parameters (including
   Channel Bindings) passed to it, whether by the EAP peer/authenticator
   layer, the lower layer or the AAA layer."

Thus the EMSK and MSK would arrive at the lower layer/AAA layer. If the EMSK is not to be exported to the AAA layer or lower layer at some point (either the EAP peer/authenticator layer or the EAP layer), the EMSK is removed. In strawman 10, the EMSK now appears in the AAA layer (though I don't know if it will eventually be that way).

My question is: which layer (EAP method, EAP peer/authenticator layer, EAP layer, lower layer/AAA layer) is intended to get the EMSK to create new possible keys (AMSK)?

Is there any decision in this regard?

The question is also related to draft-aboba-eap-keying-extns-00.txt: basically, which layer is intended to calculate this function (or similar)?

AMSK = KDF(EMSK, key label, optional application data, length)

Thanks.

-- 
------------------------------------------------------
Rafael Marin Lopez
Faculty of Computer Science-University of Murcia
30071 Murcia - Spain
Telf: +34968367645    e-mail: rafadif.um.es
------------------------------------------------------
