m.getKey() and RFC 4137

Bernard Aboba wrote:

>Vidya said:
>
>"Are you saying then that in accordance with 4137,
the EMSK will also be
>delivered to the AAA layer on the EAP server? "
>
>That's how I read it, yes.  The keying material and
parameters are passed
>via the eapKeyData structure to the lower layer (which
would be the AAA
>layer on the EAP server when in passthrough mode), via
the m.getKey()
>function.  The AAA layer then fills in the aaaEapKeyData
structure and
>passes this to the authenticator.  While both eapKeyData
and aaaEapKeyData
>are of type "EAP Key" there doesn't appear
to be a presumption that they are
>the same.  So the AAA layer could receive the EMSK, but
not pass it to the
>authenticator.
>  
>

So -- we are still talking only about what happens
"inside the box",
not about the delivery of the EMSK to the access point on
the
coffee shop wall? I'm not sure I care much about what
happens
inside the box, as long as the value doesn't leave the
box...

--Jari

____________________________________________________________
_____
To unsubscribe or modify your subscription options, please
visit:
http:/
/lists.frascone.com/mailman/listinfo/eap

Arhives: http://lists.
frascone.com/pipermail/eap

>So -- we are still talking only about what happens
"inside the box",
>not about the delivery of the EMSK to the access point
on the
>coffee shop wall? I'm not sure I care much about what
happens
>inside the box, as long as the value doesn't leave the
box...

Right. I think we only care about externally observable
behavior.


____________________________________________________________
_____
To unsubscribe or modify your subscription options, please
visit:
http:/
/lists.frascone.com/mailman/listinfo/eap

Arhives: http://lists.
frascone.com/pipermail/eap