RE: [Emu] MSK but no EMSK

"Alper Yegin" <alper.yegin@yegin.org> Mon, 27 November 2006 05:09 UTC

From: Alper Yegin <alper.yegin@yegin.org>
To: 'Bernard Aboba' <bernard_aboba@hotmail.com>, hokeyp@opendiameter.org
Subject: RE: [Emu] MSK but no EMSK
Date: Tue, 21 Nov 2006 18:21:16 +0200
In-Reply-To: <BAY117-F228CD52A42BA2C440C046693EE0@phx.gbl>
Message-ID: <0MKp2t-1GmYN531ua-0003rd@mrelay.perfora.net>
Cc: emu@ietf.org

Thank you for this survey. 

One question though. I couldn't find any mention of "MSK" or "EMSK" in RFC
2716. Can you tell us how to get those keys out of that spec?

Alper



> -----Original Message-----
> From: Bernard Aboba [mailto:bernard_aboba@hotmail.com]
> Sent: Sunday, November 19, 2006 8:44 PM
> To: alper.yegin@yegin.org; hokeyp@opendiameter.org
> Cc: emu@ietf.org
> Subject: RE: [Emu] MSK but no EMSK
> 
> >I remember someone in Hokey WG meeting mentioned that not all methods
> >generate EMSK (even though they generate MSK). Is that accurate?
> 
> The simple answer is "we don't know" because prior to RFC 3748, EAP Type
> Codes could be allocated without a specification.
> 
> However, for methods published as RFCs or in the RFC Editor Queue, we know
> the following:
> 
> a) None of the RFC 3748-specified EAP methods generate keys (EAP MD5, OTP,
> GTC).
> 
> b) All of the key generating EAP methods published as RFCs specify how to
> derive the MSK and EMSK.   This includes EAP TLS (RFC 2716), EAP SIM (RFC
> 4186), and EAP AKA (RFC 4817).   The generation of the Session-Id, Peer-Id
> and Server-Id is also specified for these methods in the Key Management
> Framework document.
> 
> c) All of the key generating EAP methods currently in the RFC Editor queue
> specify how to derive both the MSK and EMSK.  This includes EAP PSK
> (draft-bersani-eap-psk-11.txt), EAP SAKE
> (draft-vanderveen-eap-sake-02.txt),
> EAP PAX (draft-clancy-eap-pax-11.txt), EAP POTP
> (draft-nystrom-eap-potp-07.txt).  None of these methods specify how to
> derive the Peer-Id, Server-Id and Session-Id (e.g. they are non-compliant
> with the EAP Key Management Framework).
> 
> d) Allocation of an EAP Type Code requires specification of the MSK, EMSK,
> and Session-Id and Peer-Id/Server-Id if known.
> 


