>>>>> "Bernard" == Bernard Aboba <bernarda@xxxxxxxxxxxxxxxxxxxxx> writes:
Bernard> O, I definitely think they are session keys. [BA] They
Bernard> are not TSKs according to the definition in the EAP Key
Bernard> Management Framework.
Bernard> That's true. But that definition is not normative for
Bernard> draft-housley-aaa-key-mgmt.
Bernard> [BA] If the documents are using a different definition of
Bernard> "session keys" then I think we need to make sure that the
Bernard> term is clearly defined in draft-housley to avoid
Bernard> confusion.
Sure, they should use a consistent definition, but for example, the
"master session key" really needs to be included in the definition of
session key.
Bernard> Again, I think that correctness of accounting in this
Bernard> instance is an additional requirement the key management
Bernard> framework puts on top of draft-housley-aaa-key-mgmt.
Bernard> [BA] The term "AAA" stands for authentication,
Bernard> authorization and accounting. Why would the correctness
Bernard> of accounting data be a requirement only for one
Bernard> particular AAA usage?
I think it is a true statement that draft-housley-aaa-key-mgmt does
not make this requirement about accounting; you are welcome to show me
text that I've missed about this issue in draft-housley-aaa-key-mgmt.
I take no stand on whether this should have been included in the AAA
key management draft other than to say that it is really late for
adding requirements of this form.
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf