Re: EAP applicability (Was: Re: IETF Last Call on Walled Garden Standard for the Internet)

  Hi Jari,

On Thu, March 13, 2008 8:49 pm, Jari Arkko wrote:
> Avi,
>
>>> For what it is worth, this ex-EAP co-chair also thinks that
>>> the use of EAP keys for applications is a very bad idea.
>>>
>>
>> Why?
>>
>
> For a number of reasons. Take this from someone who has actually tried
> to do this in the distant past and has realized that it was a bad idea.
>
> But first let me clarify that I'm not criticizing HOKEY for EAP keys in
> any way; HOKEY is a fine application for EAP keys. The document that
> started this thread can be fixed by better IANA and applicability
> sections. I've also changed the subject to reflect the new topic.

  Actually I think it's a little more technical than editorial. This
problem is due to the fact that HOKEY is extracting a key derived from
the EMSK and making that "The Mother Of All Root Keys" (MOARK), which
can be used to derive all keys for all purposes to solve all problems in
the world.

  The document can be fixed by removing the MOARK from the draft and
having HOKEY define a _HOKEY-specific_ key derived from the EMSK. That
HOKEY-specific key is used for HOKEY and HOKEY only. If some other key
usage is needed then it can define another way to extract its needed
keying material from the EMSK, and hopefully that process would be done
in the IETF (at least the chances are greater that it would be done in
the IETF if it's based on the EMSK and not the MOARK).

  This has the added benefit of simplifying the key hierarchy.

  regards,

  Dan.



_______________________________________________
IETF mailing list
IETF@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
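
The two key-hierarchy shapes discussed in this message, sketched as an added example that is not part of the original e-mail or of any HOKEY draft. The KDF construction, the usage labels and the sample EMSK are assumptions constructed for illustration, not the derivation any specification defines.

```python
import hashlib
import hmac

# Hypothetical usage labels; only "hokey" corresponds to something named in the thread.
USAGES = ["hokey", "app-a", "app-b"]

# Constructed sample value. A real EMSK comes out of the EAP method and is never exported.
EMSK = bytes(range(64))


def kdf(key: bytes, label: str, length: int = 32) -> bytes:
    """Illustrative labelled KDF: HMAC-SHA-256 in counter mode.

    The label acts as a domain separator, so different labels under the
    same parent key give computationally independent outputs.
    """
    out = b""
    counter = 1
    while len(out) < length:
        msg = bytes([counter]) + label.encode() + b"\x00" + length.to_bytes(2, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def per_usage_from_emsk(emsk: bytes) -> dict:
    """Each usage derives its own key directly from the EMSK."""
    return {u: kdf(emsk, "usage:" + u) for u in USAGES}


def via_single_root(emsk: bytes):
    """One intermediate root key is extracted, and every usage key hangs off it."""
    root = kdf(emsk, "root")
    return root, {u: kdf(root, "usage:" + u) for u in USAGES}


def exposed_by(held: bytes, usage_keys: dict) -> list:
    """Usages whose key is obtainable by a party holding `held`.

    Labels are assumed public, so anything derivable from `held` counts.
    """
    derivable = {u: kdf(held, "usage:" + u) for u in USAGES}
    return sorted(u for u, k in usage_keys.items()
                  if k == held or derivable[u] == k)


if __name__ == "__main__":
    flat = per_usage_from_emsk(EMSK)
    root, tree = via_single_root(EMSK)
    print("holder of the HOKEY-specific key reaches:", exposed_by(flat["hokey"], flat))
    print("holder of the single root key reaches:   ", exposed_by(root, tree))
```

Any key handed out in the first shape is scoped to one usage, while the intermediate root in the second shape is a single value from which every usage key follows.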
