RE: [Emu] Re: [Hokeyp] MSK but no EMSK
I pointed out in the meeting that even though the EAP RFC mandates EMSK, I
don't know of any existing EAP implementation that actually generates and
exports EMSK (especially the popular ones, like EAP-TLS, PEAP, EAP-FAST,
EAP-TTLS, etc.). So if we build our key hierarchy on top of EMSK, we will
require replacing all existing EAP implementations, on both the server
and client side. If we could use MSK, then we only need to replace the EAP
lower layer that wants to support handover.
> -----Original Message-----
> From: Lakshminath Dondeti [mailto:ldondeti at qualcomm.com]
> Sent: Thursday, November 16, 2006 12:38 PM
> To: Yoshihiro Ohba; Alper Yegin
> Cc: hokeyp at opendiameter.org; emu at ietf.org
> Subject: Re: [Emu] Re: [Hokeyp] MSK but no EMSK
>
> At 06:27 AM 11/16/2006, Yoshihiro Ohba wrote:
> >I made one comment around this in the HOKEY session. The intent of my
> >comment was that use of EMSK is optional.
>
> Hi Yoshi,
>
> Which document says that the "use" of EMSK is optional?
>
> >There would be an
> >interoperability issue if peer and server do not negotiate on the use
> >of EMSK before actually using it.
>
> The interoperability issue would only come up if there is
> ambiguity or options.
>
> Lakshminath
>
>
> >Yoshihiro Ohba
> >
> >
> >On Thu, Nov 16, 2006 at 11:01:15AM +0200, Alper Yegin wrote:
> > >
> > > I remember someone in Hokey WG meeting mentioned that not all
> > > methods generate EMSK (even though they generate MSK). Is that accurate?
> > >
> > > Despite this RFC 3748 text?
> > >
> > > In order to provide keying material for use in a
> > > subsequently negotiated ciphersuite, an EAP method supporting key
> > > derivation MUST export a Master Session Key (MSK) of at least 64
> > > octets, and an Extended Master Session Key (EMSK) of at least 64
> > > octets.
> > >
> > > Alper
> > >
> > >
> > > _______________________________________________
> > > Hokeyp mailing list
> > > Hokeyp at opendiameter.org
> > > http://www.opendiameter.org/mailman/listinfo/hokeyp
> > >
> >
> >_______________________________________________
> >Emu mailing list
> >Emu at ietf.org
> >https://www1.ietf.org/mailman/listinfo/emu
>
>
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.