>
> If the EAP server has no control over the lifetime when
EMSK
> is used for a specific purpose, then it would be the
time to
> think about possibility to use a mechanism other than
EAP for
> that purpose.
>
The EAP server never actually has control over the lifetime
of a key
that it has handed out to other parties. Even with the MSKs,
it is only
a guidance. The authenticator may enforce a lifetime based
on its
policy.
So, the question really is about whether the guidance
provided should be
the same regardless of the purpose of the key.
Vidya
____________________________________________________________
_____
To unsubscribe or modify your subscription options, please
visit:
http:/
/lists.frascone.com/mailman/listinfo/eap
Arhives: http://lists.
frascone.com/pipermail/eap
|