Hi Russ, > >And how would we apply this to EAP? There is no authenticator ID known to > >EAP peer, yet they share an MSK. > > I believe that this is being addressed in draft-ietf-eap-keying. Can you please provide a pointer? It has peer-id and server-ids defined. But even that has issues, as these are EAP-method exports, and not always available. > > o The expected lifetime of the keying material. > > > >Does it make sense to mention something like "Lifetime of a child key > MUST > >NOT be greater than the lifetime of its parent in the key hierarchy."? > > This is a very good principle, but I think SHOULD NOT is more appropriate. I'm wondering why we open the door for children keys living longer than the parent key. > > For this reason, EAP methods SHOULD > > provide a mechanism for identity protection of EAP peers, but > > such protection is not a requirement. > > > > > >"SHOULD" and "not a requirement" seem to clash. We should either make it > a > >"MAY", or remove the ",but ...". > > All methods do not have to have a mechanism for identity protection, > but we encourage them to have one. I understand. What is the affect of "SHOULD but not a requirement"? Is this like a "SHOULD-"? I mean, what do we lose if we drop the "but such a protection is not a requirement"? Regards, Alper _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf