Re: [Hokeyp] [Emu] Re: MSK but no EMSK

To: "Yoshihiro Ohba" <yohba at tari.toshiba.com>
Subject: Re: [Hokeyp] [Emu] Re: MSK but no EMSK
From: "Charles Clancy" <clancy at cs.umd.edu>
Date: Sun, 26 Nov 2006 09:14:42 -0500 (EST)
Cc: "Blumenthal, Uri" <uri.blumenthal at intel.com>, hokeyp at opendiameter.org, emu at ietf.org
Importance: Normal
In-reply-to: <20061122140709.GF10177@steelhead>
List-archive: <http://www1.ietf.org/pipermail/emu>
List-help: <mailto:emu-request@ietf.org?subject=help>
List-id: "EAP Methods Update \(EMU\)" <emu.ietf.org>
List-post: <mailto:emu@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/emu>, <mailto:emu-request@ietf.org?subject=unsubscribe>
References: <279DDDAFA85EC74C9300A0598E704056FE6D70@hdsmsx412.amr.corp.intel.com> <20061122114656.GC10177@steelhead> <7.0.1.0.2.20061122092631.06f3dd58@qualcomm.com> <20061122140709.GF10177@steelhead>
User-agent: SquirrelMail/1.4.5

On Wed, November 22, 2006 9:07 am, Yoshihiro Ohba wrote:

> A HOKEY compliant implementation should be able to revert to the
> legacy mode of operation (i.e., use of MSK in the current way) so that
> it still interoperates with a HOKEY non-compliant implementation
> without ending up with a communication failure or changing the HOKEY
> non-compliant implementation.  Note that a HOKEY non-compliant
> implementation is still RFC3748 compliant as long as it generates MSK
> and EMSK even if it does not use EMSK.

Let me point this out again.  In order to support HOKEY, EAP
implementations MUST change to implement the reauth protocols.  Thus, I
don't understand why fixing broken methods to export the EMSK at the same
time is such a big deal.

I'm not convinced by the certification arguments.  EAP implementations
will all have to be recertified by whomever to check HOKEY compatability
anyway.  Proper use of the EMSK would be tested then.

I'm also not convinced by the versioning arguments, since you'd never need
to use the EMSK if you weren't executing some HOKEY reauth protocol.  If
an implementation didn't derive/export the EMSK, then it has no business
executing a reauth.  By executing a reauth, an implementation is
implicitly signaling that it can derive EMSKs for the originally-executed
method.

-- 
t. charles clancy, ph.d.  <>  tcc at umd.edu  <>  www.cs.umd.edu/~clancy

_______________________________________________
Emu mailing list
Emu at ietf.org
https://www1.ietf.org/mailman/listinfo/emu

Follow-Ups:
- Re: [Hokeyp] [Emu] Re: MSK but no EMSK
  - From: Yoshihiro Ohba

References:
- RE: [Hokeyp] [Emu] Re: MSK but no EMSK
  - From: Blumenthal, Uri
- Re: [Hokeyp] [Emu] Re: MSK but no EMSK
  - From: Yoshihiro Ohba
- Re: [Hokeyp] [Emu] Re: MSK but no EMSK
  - From: Lakshminath Dondeti
- Re: [Hokeyp] [Emu] Re: MSK but no EMSK
  - From: Yoshihiro Ohba

Prev by Date: RE: [Hokeyp] [Emu] Re: MSK but no EMSK
Next by Date: Re: [Hokeyp] [Emu] Re: MSK but no EMSK
Previous by thread: Re: [Hokeyp] [Emu] Re: MSK but no EMSK
Next by thread: Re: [Hokeyp] [Emu] Re: MSK but no EMSK
Index(es):
- Date
- Thread

Re: [Hokeyp] [Emu] Re: MSK but no EMSK

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.