RE: [Emu] MSK but no EMSK
"Ray Bell" <ray@grid-net.com> Mon, 27 November 2006 07:09 UTC
From: Ray Bell <ray@grid-net.com>
To: 'Alper Yegin' <alper.yegin@yegin.org>, 'Bernard Aboba' <bernard_aboba@hotmail.com>, hokeyp@opendiameter.org
Subject: RE: [Emu] MSK but no EMSK
Date: Sun, 26 Nov 2006 23:08:26 -0800
Cc: emu@ietf.org

RFC 3748 - Extensible Authentication Protocol (EAP), June 2004
Page 6:

   Master Session Key (MSK)
      Keying material that is derived between the EAP peer and server
      and exported by the EAP method. The MSK is at least 64 octets in
      length. In existing implementations, a AAA server acting as an
      EAP server transports the MSK to the authenticator.

   Extended Master Session Key (EMSK)
      Additional keying material derived between the EAP client and
      server that is exported by the EAP method. The EMSK is at least
      64 octets in length. The EMSK is not shared with the
      authenticator or any other third party. The EMSK is reserved for
      future uses that are not defined yet.

Ray

-----Original Message-----
From: Alper Yegin [mailto:alper.yegin@yegin.org]
Sent: Tuesday, November 21, 2006 8:21 AM
To: 'Bernard Aboba'; hokeyp@opendiameter.org
Cc: emu@ietf.org
Subject: RE: [Emu] MSK but no EMSK

Thank you for this survey. One question though. I couldn't find any
mention of "MSK" or "EMSK" in RFC 2716. Can you tell us how to get those
keys out of that spec?

Alper

> -----Original Message-----
> From: Bernard Aboba [mailto:bernard_aboba@hotmail.com]
> Sent: Sunday, November 19, 2006 8:44 PM
> To: alper.yegin@yegin.org; hokeyp@opendiameter.org
> Cc: emu@ietf.org
> Subject: RE: [Emu] MSK but no EMSK
>
> >I remember someone in Hokey WG meeting mentioned that not all methods
> >generate EMSK (even though they generate MSK). Is that accurate?
>
> The simple answer is "we don't know" because prior to RFC 3748, EAP Type
> Codes could be allocated without a specification.
>
> However, for methods published as RFCs or in the RFC Editor Queue, we know
> the following:
>
> a) None of the RFC 3748-specified EAP methods generate keys (EAP MD5, OTP,
> GTC).
>
> b) All of the key generating EAP methods published as RFCs specify how to
> derive the MSK and EMSK. This includes EAP TLS (RFC 2716), EAP SIM (RFC
> 4186), and EAP AKA (RFC 4817). The generation of the Session-Id, Peer-Id
> and Server-Id is also specified for these methods in the Key Management
> Framework document.
>
> c) All of the key generating EAP methods currently in the RFC Editor queue
> specify how to derive both the MSK and EMSK. This includes EAP PSK
> (draft-bersani-eap-psk-11.txt), EAP SAKE
> (draft-vanderveen-eap-sake-02.txt), EAP PAX
> (draft-clancy-eap-pax-11.txt), EAP POTP
> (draft-nystrom-eap-potp-07.txt). None of these methods specify how to
> derive the Peer-Id, Server-Id and Session-Id (e.g. they are non-compliant
> with the EAP Key Management Framework).
>
> d) Allocation of an EAP Type Code requires specification of the MSK, EMSK,
> and Session-Id and Peer-Id/Server-Id if known.
>

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www1.ietf.org/mailman/listinfo/emu
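
Added example, not part of the original message or of any participant's reply: a sketch of how EAP-TLS exports the two keys defined above, following the derivation in RFC 5216 (the later revision of RFC 2716) with the TLS 1.0 PRF of RFC 2246. The function names and the sample master secret and randoms are constructed for illustration.

```python
import hashlib
import hmac

LABEL = b"client EAP encryption"  # export label from RFC 2716 / RFC 5216


def p_hash(digest, secret, seed, length):
    """P_hash data expansion from RFC 2246 section 5."""
    out, a = b"", seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, digest).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, digest).digest()
    return out[:length]


def tls10_prf(secret, label, seed, length):
    """TLS 1.0 PRF: P_MD5 over the first half of the secret XOR P_SHA-1 over the second."""
    half = (len(secret) + 1) // 2  # halves share the middle byte if the length is odd
    s1, s2 = secret[:half], secret[len(secret) - half:]
    md5_out = p_hash(hashlib.md5, s1, label + seed, length)
    sha1_out = p_hash(hashlib.sha1, s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_out, sha1_out))


def eap_tls_export(master_secret, client_random, server_random):
    """Return (MSK, EMSK): octets 0-63 and 64-127 of the 128-octet key material."""
    km = tls10_prf(master_secret, LABEL, client_random + server_random, 128)
    return km[:64], km[64:128]


def keys_for_authenticator(msk, emsk):
    """Release only the MSK; the EMSK never leaves the EAP peer and server."""
    if len(msk) < 64 or len(emsk) < 64:
        raise ValueError("RFC 3748 requires MSK and EMSK of at least 64 octets")
    return {"MSK": msk}


# Constructed sample inputs, not values from a real TLS handshake.
MASTER_SECRET = bytes(range(48))
CLIENT_RANDOM = bytes([0xC1]) * 32
SERVER_RANDOM = bytes([0x5E]) * 32

if __name__ == "__main__":
    msk, emsk = eap_tls_export(MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM)
    print("MSK :", msk.hex())
    print("to authenticator:", sorted(keys_for_authenticator(msk, emsk)))
```
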