RE: [Hokeyp] [Emu] Re: MSK but no EMSK

To: "'Blumenthal, Uri'" <uri.blumenthal at intel.com>, hokeyp at opendiameter.org, emu at ietf.org
Subject: RE: [Hokeyp] [Emu] Re: MSK but no EMSK
From: Madjid Nakhjiri <mnakhjiri at huawei.com>
Date: Tue, 21 Nov 2006 08:43:06 -0800
Cc:
In-reply-to: <279DDDAFA85EC74C9300A0598E704056F915FE@hdsmsx412.amr.corp.intel.com>
List-archive: <http://www1.ietf.org/pipermail/emu>
List-help: <mailto:emu-request@ietf.org?subject=help>
List-id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-post: <mailto:emu@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
Thread-index: AccJzklxPwF5M9khTom054JMBfhApwAFuvawAAOTFmAAAIoXQAAWFnowAM7jfiA=

I agree with Uri, We should not worry about non-compliant implementations,
that is the implementor's problem. 
3748 and EAP keying did not define use of EMSK, but they did forbid export
of EMSK last time I read the keying spec. Fortunately, Hokey is now
chartered to define usage of EMSK through deliverable 2 (generation of
USRK). So if there is a place where people are to use EMSK is supposed to
use, I guess the place to go get the spec is hokey.

I have kind of lost track of what this thread was trying to do, but as far
as use in Hokey, I think we can assume that the EAP method generates the
EMSK. The question in hokey is whether we use MSK or EMSK? And why? Or maybe
that was not the intention of the thread.

R,

Madjid



-----Original Message-----
From: hokeyp-bounces at opendiameter.org
[mailto:hokeyp-bounces at opendiameter.org] On Behalf Of Blumenthal, Uri
Sent: Friday, November 17, 2006 6:22 AM
To: hokeyp at opendiameter.org; emu at ietf.org
Subject: Re: [Hokeyp] [Emu] Re: MSK but no EMSK

>The discussion focuses on the problem EMSK is optional or mandatory.

I don't think this is a problem - GENERATION of EMSK is compulsoty as
spelled out in RFC 3578.

The problem is non-compliance. Some, er, people seem to think "the
standard says do A, but since I don't use A at the moment - I won't
bother."

>RFC3578 defined EMSK is mandatory, 

And that should be the end of discussion.

>                     but it is not used at all. 

First - do you know all the applications that use key-generating EAP
methods? But really - who cares? 

>If EMSK must be used, it is mandatory. if no, I think, 
>it may be better that it is optional.

VERY strongly disagree. Mandatory is what is explicitly specified as
mandatory, period. Otherwise many would implement just those pieces and
features of the standard that his particular product needs today.

(I'm proud of my restraint - not even once using a term "B*S*" :-)
_______________________________________________
Hokeyp mailing list
Hokeyp at opendiameter.org
http://www.opendiameter.org/mailman/listinfo/hokeyp



_______________________________________________
Emu mailing list
Emu at ietf.org
https://www1.ietf.org/mailman/listinfo/emu

References:
- RE: [Hokeyp] [Emu] Re: MSK but no EMSK
  - From: Blumenthal, Uri

Prev by Date: RE: [Emu] Issue: Definition of Session-Id, Peer-Id, Server-Id for EAP GPSK
Next by Date: RE: [Hokeyp] [Emu] Re: MSK but no EMSK
Previous by thread: RE: [Hokeyp] [Emu] Re: MSK but no EMSK
Next by thread: RE: [Hokeyp] [Emu] Re: MSK but no EMSK
Index(es):
- Date
- Thread

RE: [Hokeyp] [Emu] Re: MSK but no EMSK

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.