On Mon, Jul 1, 2019 at 4:11 PM Jouni Malinen <jkmali...@gmail.com> wrote:
> <snip> > > (2) S-IMCK[j] derivation when inner EAP methods in the sequence derive > both MSK and EMSK (or even more complicated, if there are multiple inner > EAP authentication methods that have difference in whether they derive MSK > or EMSK): > https://www.rfc-editor.org/errata/eid5770 > > [Joe] I'd like to hear from implementers on this one. I think the intent is that section 5.4 should say the S-IMCK is generated as specified as described in section 5.2. Section 5.2 does provide a mechanism to derive the S-IMCK at the end of the section. Each IMCK can be derived in one of 3 ways: - MSK - EMSK - 0s if the method is not key generating There is ambiguity on how to derive each IMSK in the case that both sides do not have the same capability to export the EMSK. I think the steps involving the compound MAC are meant to disambiguate this situation. Is the problem that the section does not explicitly say how to use the compound MAC sent to determine which IMCK derivation to use? > I'd hope to avoid having to guess or make my own specification of how this > is supposed to work before being able to implement this (and then have to > re-implement everything if others disagree with that interpretation/guess > on the design), so any feedback on these items would be very welcome so > that there would be a general agreement on how the protocol is supposed to > work to provide better chances for getting interoperable implementations. > > - Jouni > > _______________________________________________ > Emu mailing list > Emu@ietf.org > https://www.ietf.org/mailman/listinfo/emu >
_______________________________________________ Emu mailing list Emu@ietf.org https://www.ietf.org/mailman/listinfo/emu
