> -----Original Message-----
> From: Jari Arkko [mailto:jari.arkko piuha.net]
> Sent: Wednesday, March 22, 2006 4:44 AM
> To: Bernard Aboba
> Cc: eap frascone.com
> Subject: Re: [eap] Re: m.getKey() and RFC 4137
>
> Bernard Aboba wrote:
>
> >Vidya said:
> >
> >"Are you saying then that in accordance with 4137, the EMSK will also be
> >delivered to the AAA layer on the EAP server?"
> >
> >That's how I read it, yes. The keying material and parameters are passed
> >via the eapKeyData structure to the lower layer (which would be the AAA
> >layer on the EAP server when in passthrough mode), via the m.getKey()
> >function. The AAA layer then fills in the aaaEapKeyData structure and
> >passes this to the authenticator. While both eapKeyData and aaaEapKeyData
> >are of type "EAP Key" there doesn't appear to be a presumption that they are
> >the same. So the AAA layer could receive the EMSK, but not pass it to the
> >authenticator.
> >
> >
>
> So -- we are still talking only about what happens "inside the box",
> not about the delivery of the EMSK to the access point on the
> coffee shop wall? I'm not sure I care much about what happens
> inside the box, as long as the value doesn't leave the box...
>
[Joe] I agree what happens within a peer or within a combined
authenticator and EAP server is not really a big concern from an
external view. It's more what happens when we have separated the EAP
server and EAP authenticator that these details become observable
aspects of the system.
> --Jari
>
>
> _________________________________________________________________
> To unsubscribe or modify your subscription options, please visit:
> http://lists.frascone.com/mailman/listinfo/eap
>
> Archives: http://lists.frascone.com/pipermail/eap
>