Hi Joe,
I don't understand the last sentence: "If the AAA layer does cache an
MSK then the use of TSKs derived from the MSK MUST prevent key reuse."
The rest of the text looks good and covers the robustness
considerations you bring up.
regards,
Lakshminath
At 02:25 PM 5/2/2006, Salowey, Joe wrote:
>Submitter name: Joe Salowey
>Submitter email address: jsalowey cisco.com
>Date first submitted: 05/02/06
>Reference:
>Document: Keying Framework
>Comment type: T
>Priority: 2
>Section: 2.1
>Rationale/Explanation of issue:
>
>The Current draft states that keys may not be cached once transported. I
>am wondering if this is too restrictive. Perhaps keys will be cached
>for session recovery and availability purposes.
>
>Suggested Text:
>
> "In order to avoid key reuse, the AAA layer SHOULD delete transported
> keys once they are sent. The AAA layer SHOULD NOT retain keys that
> it has previously sent. For example, a AAA layer that has
> transported the MSK SHOULD delete it. If the AAA layer does cache an
> MSK then the use of TSKs derived from the MSK MUST prevent key reuse."
>
>_________________________________________________________________
>To unsubscribe or modify your subscription options, please visit:
>http://lists.frascone.com/mailman/listinfo/eap
>
>Archives: http://lists.frascone.com/pipermail/eap