"Distribution of EAP based keys for handover and re-authentication", Katrin Hoeper, Yoshihiro Ohba, 7-Aug-09.
This document describes a mechanism for delivering root keys from an Extensible Authentication Protocol (EAP) server to another network server that requires the keys for offering security protected services, such as re-authentication, to an EAP peer. The distributed root key can be either a usage-specific root key (USRK), a domain-specific root key (DSRK) or a domain-specific usage-specific root key (DSUSRK) that has been derived from an Extended Master Session Key (EMSK) hierarchy previously established between the EAP server and an EAP peer. The document defines a key distribution exchange (KDE) protocol that can distribute these different types of root keys over AAA and discusses its security requirements.
"Extensible Authentication Protocol (EAP) Early Authentication Problem Statement", Yoshihiro Ohba, Glen Zorn, 7-Jul-09.
Extensible Authentication Protocol early authentication may be defined as the use of EAP by a mobile device to establish authenticated keying material on a target attachment point prior to its arrival. This draft discusses the EAP early authentication problem in detail.
