> >
>
> Vidya said:
>
> "Are you saying then that in accordance with 4137, the EMSK
> will also be delivered to the AAA layer on the EAP server?"
>
> That's how I read it, yes. The keying material and
> parameters are passed via the eapKeyData structure to the
> lower layer (which would be the AAA layer on the EAP server
> when in passthrough mode), via the m.getKey() function. The
> AAA layer then fills in the aaaEapKeyData structure and
> passes this to the authenticator. While both eapKeyData and
> aaaEapKeyData are of type "EAP Key" there doesn't appear to
> be a presumption that they are the same. So the AAA layer
> could receive the EMSK, but not pass it to the
> authenticator.
>
I wonder if we are restricted in defining the behavior of the EMSK based
on a spec that did not consider EMSKs to begin with? It may be that we
would conclude it is okay to pass the EMSK to the AAA layer - but,
should we be constrained by 4137 though?

Vidya