Vidya:
My concern is the origins of this whole effort.
In March 2003, I was asked to put together criteria for acceptable
AAA key management. I received this request at the beginning of IETF
56, and it resulted in the "Key Management in AAA" presentation to
the AAA WG a few days later. This was the meeting where I was
appointed to the position of Security Area Director. The slides are
the basis of this document:
http://www.ietf.org/proceedings/03mar/slides/aaa-5/index.html
People asked for explanation of the bullets on two slides. This
document captures the verbal explanation that has been given many
times. The goal is to generate a BCP, putting an end to verbal lore.
As a result, this document is focused on AAA-based key management,
and while the principles surely apply to other contexts, it uses AAA
jargon and other AAA-specific stuff.
Russ
At 03:54 PM 11/7/2006, Narayanan, Vidya wrote:
> Vidya:
>
> > > I agree, the document is really addressing AAA/EAP key management.
> >
> >Why would the scope be limited to EAP? It seems to me that most, if not
> >all, of the requirements would be applicable to just about any
> >AAA-based key management protocol. Would it not be useful to generalize it?
>
> You are right. It is about AAA key management protocols,
> which includes various features of EAP, RADIUS, Diameter, and
> secure association protocols.
>
Hmmm, I was thinking that the scope could be broader than that. There
are key management protocols that try to re-use the AAA framework, some
just for transport and others for more than that. Many of these may
start with a PSK and define derivation of keys needed for the specific
application, but then use AAA for transport of the exchange and
generated keys.
Is there a reason why this document would not be applicable to such
scenarios?
Vidya
> Is the document introduction clear about the scope?
>
> Russ
>
>