Thread: EMSK Transport Text

user name
2006-04-06 21:57:13
While I have no issue with the first paragraph, I don't understand the
composition of the subparagraph. Sure it is understandable to prohibit
EMSK distribution to third parties, but why are we prohibiting its use
within the parties who derived it?
Don't we think saying EMSK is future use and then say EMSK is not to be
used for this or that is a bit contradictory?
Either its future use is undefined and is to be defined by other docs or
we have some idea about its future use. Why are we going to length
prohibiting the most probable use case of the EMSK while leaving the
rest of use cases open??


-----Original Message-----
From: Narayanan, Vidya [mailto:vidyanqualcomm.com] 
Sent: Thursday, April 06, 2006 3:09 AM
To: eapfrascone.com
Subject: [eap] EMSK Transport Text


Section 2 in draft-ietf-eap-keying-11 says: 

"   The EMSK MUST NOT be provided to an entity outside the EAP server or
   peer, nor is it permitted to pass any quantity to an entity outside
   the EAP server or peer from which the EMSK could be computed without
   breaking some cryptographic assumption, such as inverting a one-way
   function.  The EMSK MUST NOT be transported by the AAA layer.  As
   noted in [RFC3748] Section 7.10:

      The EMSK is reserved for future use and MUST remain on the EAP
      peer and EAP server where it is derived; it MUST NOT be
      transported to, or shared with, additional parties, or used to
      derive any other keys."
