RE: [Hokeyp] [Emu] Re: MSK but no EMSK

[Michael Ye <yechengping at huawei.com>]

The discussion focuses on the problem EMSK is optional or mandatory.
RFC3578 defined EMSK is mandatory, but it is not used at all.  If EMSK must
be used, it is mandatory . if no, I think, it may be better that it is
optional. If EMSK is necessary for some "applications" in the future,  we
may still use it by option. If RFC3578 don't be taken into account , I
prefer to that it is optional.

Michael

  

> -----Original Message-----
> From: hokeyp-bounces at opendiameter.org 
> [mailto:hokeyp-bounces at opendiameter.org] On Behalf Of Blumenthal, Uri
> Sent: Friday, November 17, 2006 10:58 AM
> To: hokeyp at opendiameter.org; emu at ietf.org
> Subject: Re: [Hokeyp] [Emu] Re: MSK but no EMSK
> 
> I happen to agree with Vidya on this.
> 
> It is not optional for new EAP methods to produce EMSK. 
> Whether EMSK gets used or not is totally besides the point.  
> (If we can conceive that EMSK would serve a need in some 
> distant future - we have to enforce its generation now. And 
> it is required by RFC 3748 :-)
> 
> What to do with the existing _old_ methods that aren't 
> compliant - I leave it for the group to decide.
> 
> -----Original Message-----
> From: hokeyp-bounces at opendiameter.org
> [mailto:hokeyp-bounces at opendiameter.org] On Behalf Of Narayanan, Vidya
> Sent: Thursday, November 16, 2006 9:35 PM
> To: Bernard Aboba; hokeyp at opendiameter.org; emu at ietf.org
> Subject: Re: [Hokeyp] [Emu] Re: MSK but no EMSK
> 
> > 
> > It's worth keeping in mind that there are very few existing RFC 
> > 3748-compliant EAP implementations.  So most existing EAP method 
> > implementations do not generate an EMSK, and most existing EAP 
> > implementations would not do anything with the EMSK if it 
> were to be 
> > generated.
> > 
> 
> Well, the question is this - is the requirement to 
> interoperate with existing standards or existing 
> implementations? Given that we have a spec that says what it 
> does, it seems to make sense to interoperate with that. If we 
> are going by existing implementations, there is probably more 
> than one flavor and then there is the question of when the 
> MSK is directly delivered to the authenticator and when it 
> isn't and how the peer knows that. 
> 
> In this case, I tend to agree with Charles that it is better 
> to have to fix non-compliant implementations than try to 
> design around them. Also, if we choose to ignore the standard 
> and use the implementations that don't produce an EMSK as a 
> data point, the standard doesn't seem to be serving a purpose 
> then - perhaps, we should then consider revising
> RFC3748 to reflect what we want to use as a starting point 
> for requirements? 
> 
> Vidya
> _______________________________________________
> Hokeyp mailing list
> Hokeyp at opendiameter.org
> http://www.opendiameter.org/mailman/listinfo/hokeyp
> _______________________________________________
> Hokeyp mailing list
> Hokeyp at opendiameter.org
> http://www.opendiameter.org/mailman/listinfo/hokeyp
> 



_______________________________________________
Emu mailing list
Emu at ietf.org
https://www1.ietf.org/mailman/listinfo/emu