> -----Original Message-----
> From: Jari Arkko [mailto:jari.arkko piuha.net]
> Sent: Wednesday, March 22, 2006 5:32 AM
> To: Salowey, Joe
> Cc: Bernard Aboba; eap frascone.com
> Subject: Re: [eap] Re: KDF Negotiation for AMSK derivation
>
> >
> >
> >>Just to clarify what you are proposing --
> >>are you saying that (a) we should deliver both MSK and EMSK to the
> >>lower layer and that (b) in addition prohibit AAA from transporting
> >>the EMSK?
> >>
> >>
> >>
> >
> >[Joe] This to me sounds like a contradiction so I do not possibly see
> >how it could work. Perhaps I am not understanding the term "lower
> >layer".
> >
> >
> I think we have a terminology problem. I thought what Bernard was
> suggesting is that you provide the MSK and EMSK through the
> API to whatever is calling EAP. And then setting an additional
> requirement to AAA that it cannot transport one of the quantities
> out of the box.
>
[Joe] If it is only a terminology problem that is OK, I'm not completely
sure that it is. We need to clean up the terminology around lower layer.
My understanding of lower layer is it is the protocol between the EAP
Peer and EAP Authenticator where ciphering may be applied based on keys
derived from the EAP exchange. The endpoints of the lower layer do not
always directly invoke EAP. We need a different name for the "EAP caller"
which is the entity that is calling the EAP module, which may be located
on the authenticator or on a separate device such as a AAA server.
> --Jari
>