> It Should say:
>
> S-IMCK[j] = first 40 octets of IMCK[j]
> CMK[j] = last 20 octets of IMCK[j]
> where TLS-PRF is the PRF negotiated as part of TLS handshake [RFC5246].
> If no inner EAP method has been run the S-IMCK and CMK are generated as
> above from S-IMCK[0].

Joe, to me it still doesn't sound like exact enough instructions. We should explain how to generate S-IMCK and CMK for the no inner method case in more detail.

> The Crypto-Binding TLV MUST be exchanged and verified before the
> final Result TLV exchange, regardless of whether there is an inner
> EAP method authentication or not.

It still remains an open question whether we MUST send the Crypto-Binding TLV after the Basic-Password-Authentication exchange or not. Is Basic-Password-Authentication treated just as a case of no inner EAP authentication method? It is also discussed in the errata 5844 thread.

Regarding the introduction of a Zero-MSK flag in the Crypto-Binding TLV - do you think it is unnecessary? So if one peer doesn't export a specific inner method MSK and EMSK and uses Zero-MSK and another peer expects MSK or EMSK - then the Crypto-Binding TLV exchange will fail naturally. Maybe it's worth saying exactly that if the inner method exports MSK or EMSK then each peer MUST use it and not Zero-MSK.
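
The derivation quoted in the message above, worked through as an added example that is not part of the original message or of any TEAP implementation. It runs one iteration of the S-IMCK/CMK split with the TLS 1.2 PRF and shows that a peer using a zero IMSK and a peer using an exported inner MSK end up with different CMKs, so their Crypto-Binding MACs cannot match. Assumptions: the label string is taken from RFC 7170 as recalled, "Zero-MSK" is modelled as 32 zero octets, the PRF hash is SHA-256, and `S_IMCK_0`, `INNER_MSK`, `BUFFER` and `compound_mac` are constructed stand-ins.

```python
import hmac

# Label recalled from RFC 7170 section 5.2 (assumption: not quoted in the message above).
LABEL = b"Inner Methods Compound Keys"
ZERO_MSK = bytes(32)  # assumption: "Zero-MSK" means an IMSK of 32 zero octets


def tls12_prf(secret, label, seed, length, hash_name="sha256"):
    """TLS 1.2 PRF (RFC 5246 section 5): P_hash(secret, label + seed)."""
    seed = label + seed
    out, a = b"", seed  # a starts as A(0)
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()            # A(i)
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]


def derive_step(s_imck_prev, imsk):
    """One iteration j: (S-IMCK[j], CMK[j]) from S-IMCK[j-1] and IMSK[j]."""
    if len(s_imck_prev) != 40:
        raise ValueError("S-IMCK[j-1] must be 40 octets")
    imck = tls12_prf(s_imck_prev, LABEL, imsk, 60)
    return imck[:40], imck[40:]  # first 40 octets, last 20 octets


def compound_mac(cmk, buffer):
    """Simplified stand-in for the Crypto-Binding MAC (HMAC, 20 octets)."""
    return hmac.new(cmk, buffer, "sha256").digest()[:20]


# Constructed sample values, not real session material.
S_IMCK_0 = bytes(range(40))        # placeholder for the TLS-derived S-IMCK[0]
INNER_MSK = bytes([0xAB]) * 32     # placeholder MSK exported by an inner method
BUFFER = b"constructed crypto-binding buffer"


def demo():
    """Peer A uses the zero IMSK, peer B the exported MSK; compare results."""
    _, cmk_zero = derive_step(S_IMCK_0, ZERO_MSK)
    _, cmk_msk = derive_step(S_IMCK_0, INNER_MSK)
    same_mac = hmac.compare_digest(compound_mac(cmk_zero, BUFFER),
                                   compound_mac(cmk_msk, BUFFER))
    return cmk_zero, cmk_msk, same_mac


if __name__ == "__main__":
    cz, cm, ok = demo()
    print("CMK (zero IMSK):", cz.hex())
    print("CMK (inner MSK):", cm.hex())
    print("Crypto-Binding MACs match:", ok)
```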