...
> Can you tell me one use for a key name that is an incomprehensible
> string of random bits?
>
> "Delete all keys associated with 0x58d610a8ff4128c9"
>
> "uhm, ok"
>
> If not then don't you agree the current key naming scheme is
> completely useless?

I don't think that it's really much worse for the purposes you describe
than a name based on EAP Session-Id, since the Session-Id is itself
pretty close to being an "incomprehensible string of random bits". From
draft-ietf-eap-keying-22.txt:

'Where non-expanded EAP Type Codes are used (EAP Type Code not equal to
254), the EAP Session-Id is the concatenation of the single octet EAP
Type Code and a temporally unique identifier obtained from the method
(known as the Method-Id)...The Method-Id is typically constructed from
nonces or counters used within the EAP method exchange.'

Doesn't sound particularly readable to me; in any case, I don't think
that it really matters (for the purposes you describe, however unlikely
they may be) what the key name looks like. What matters is how easy it
is to find the key, which depends upon the structure of the database in
which it resides.

>
> Dan.