Thank you for this survey. One question though. I couldn't find any mention of "MSK" or "EMSK" in RFC 2716. Can you tell us how to get those keys out of that spec?
Alper

> -----Original Message-----
> From: Bernard Aboba [mailto:[EMAIL PROTECTED]
> Sent: Sunday, November 19, 2006 8:44 PM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Cc: [email protected]
> Subject: RE: [Emu] MSK but no EMSK
>
> >I remember someone in Hokey WG meeting mentioned that not all methods
> >generate EMSK (even though they generate MSK). Is that accurate?
>
> The simple answer is "we don't know" because prior to RFC 3748, EAP Type
> Codes could be allocated without a specification.
>
> However, for methods published as RFCs or in the RFC Editor Queue, we know
> the following:
>
> a) None of the RFC 3748-specified EAP methods generate keys (EAP MD5, OTP,
> GTC).
>
> b) All of the key generating EAP methods published as RFCs specify how to
> derive the MSK and EMSK. This includes EAP TLS (RFC 2716), EAP SIM (RFC
> 4186), and EAP AKA (RFC 4817). The generation of the Session-Id, Peer-Id
> and Server-Id is also specified for these methods in the Key Management
> Framework document.
>
> c) All of the key generating EAP methods currently in the RFC Editor queue
> specify how to derive both the MSK and EMSK. This includes EAP PSK
> (draft-bersani-eap-psk-11.txt), EAP SAKE (draft-vanderveen-eap-sake-02.txt),
> EAP PAX (draft-clancy-eap-pax-11.txt), EAP POTP
> (draft-nystrom-eap-potp-07.txt). None of these methods specify how to
> derive the Peer-Id, Server-Id and Session-Id (e.g. they are non-compliant
> with the EAP Key Management Framework).
>
> d) Allocation of an EAP Type Code requires specification of the MSK, EMSK,
> and Session-Id and Peer-Id/Server-Id if known.
