> -----Original Message-----
> From: Jari Arkko [mailto:jari.arkko piuha.net]
> Sent: Wednesday, March 22, 2006 4:49 AM
> To: Bernard Aboba
> Cc: eapfrascone.com
> Subject: Re: [eap] Re: KDF Negotiation for AMSK
derivation
>
> Bernard Aboba wrote:
>
> >These problems largely evaporate if AMSKs are
generated by
> the lower layer,
> >since the lower layer
> >can then negotiate the appropriate KDF for their
generation.
> No changes
> >would be required for existing or
> >new EAP methods. No changes would be required to
RFC 4137.
> >
> >
>
> These are good arguments. Just to clarify what you are
proposing --
> are you saying that (a) we should deliver both MSK and
EMSK to the
> lower layer and that (b) in addition prohibit AAA from
transporting
> the EMSK?
>
[Joe] This to me sounds like a contradiction so I do not
possibly see
how it could work. Perhaps I am not understanding the term
"lower
layer".
> If yes, I think I agree and maybe that's the way
forward. I have
> also re-read the relevant parts of the keying framework
document
> and I did not see any text changes that we would need
to do.
> It already says that the EMSK is exported to the lower
layer and
> that AAA transport of the EMSK is prohibited. Is there
something
> else that we need?
>
> --Jari
>
>
____________________________________________________________
_____
> To unsubscribe or modify your subscription options,
please visit:
> http:/
/lists.frascone.com/mailman/listinfo/eap
>
> Arhives: http://lists.
frascone.com/pipermail/eap
>
____________________________________________________________
_____
To unsubscribe or modify your subscription options, please
visit:
http:/
/lists.frascone.com/mailman/listinfo/eap
Arhives: http://lists.
frascone.com/pipermail/eap
|