1  2  3  4  5 

Acceptable solution MUST also …
Perform client and NAS authorization
Maintain confidentiality of session keys
Confirm selection of “best” ciphersuite
Uniquely name session keys
Compromise of a single NAS cannot compromise any other part of the system, including session keys and long-term keys
Bind key to appropriate context
PPT Version