  Hello,

  My apologies for being obtuse. This Mother of All Root Keys I've
been describing is what the EMSK Key Hierarchy calls the DSRK. The
"HOKEY key" that the ERP/ERX draft uses can be derived in one of
two ways:

       EMSK
        |
       USRK    <-- the "HOKEY key", aka rRK

or like this:

       EMSK
        |
       DSRK    <--- the MOARK
        |
       DSUSRK  <-- the "HOKEY key", aka rRK

This latter derivation is the one that will be used in practice, I
believe.

  This DSRK is not properly defined and cannot be properly scoped. It
really has nothing to do with "Handover Keying" which is what HOKEY is
supposed to be working on.

  I believe the DSRK is problematic and the ability to derive a DSRK
should be removed from the EMSK key hierarchy draft and the corresponding
change be made to the ERP/ERX draft to remove reference to using a DSRK
to derive HOKEY keys. This change would also simplify the key hierarchy
and remove a "you can do it this way, or you can do it that way" option
which experience has shown is a really bad idea.

  regards,

  Dan.

On Tue, March 18, 2008 6:22 pm, Dan Harkins wrote:
>
>   Hi Avi,
>
> On Tue, March 18, 2008 3:13 pm, Avi Lior wrote:
> [snip]
>> I suggest we discuss the issues with deriving keys from EMSK so that
>> people can make informed decisions. Let's keep the FUD factor low.
>
>   Good idea. Can we start with the Mother Of All Root Keys (MOARK) that
> is derived from the EMSK? This seems like a particularly un-scope-able
> and undefined key. It is not needed for Handover Keying; all HOKEY needed
> to do was define a HOKEY-specific key from the EMSK but it didn't, it
> defined a MOARK, and then a HOKEY-specific key is being derived from the
> MOARK.
>
>   Since the MOARK is really the only key being derived from the EMSK
> I guess this makes for a nicely constrained discussion.
>
>   Dan.
_______________________________________________
IETF mailing list
IETF@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
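
The two derivation paths drawn in the message above, as an added example that is not part of the original thread or of either draft. The KDF is a generic HMAC-SHA-256 construction standing in for the drafts' KDF, and the EMSK value, the labels and the function names are constructed for illustration; it shows that the two options give different keys for the same purpose and that a holder of the DSRK can derive the usage keys beneath it without the EMSK.

```python
import hashlib
import hmac


def kdf(parent_key: bytes, label: str, length: int = 64) -> bytes:
    """Derive a labelled child key from parent_key.

    Stand-in KDF (assumption): HMAC-SHA-256 in feedback mode with a block
    counter. It is not claimed to match the drafts' KDF byte for byte.
    """
    info = label.encode() + b"\0" + length.to_bytes(2, "big")
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(parent_key, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


# Constructed sample inputs; none of these values come from the thread.
EMSK = bytes(range(64))
HOKEY_LABEL = "hokey-usage.example"    # hypothetical usage label
DOMAIN_LABEL = "domain-a.example"      # hypothetical domain label


def hokey_key_direct(emsk: bytes) -> bytes:
    """Path 1: EMSK -> USRK (the "HOKEY key", aka rRK)."""
    return kdf(emsk, HOKEY_LABEL)


def hokey_key_via_dsrk(emsk: bytes, domain: str):
    """Path 2: EMSK -> DSRK -> DSUSRK. Returns (DSRK, DSUSRK)."""
    dsrk = kdf(emsk, domain)
    return dsrk, kdf(dsrk, HOKEY_LABEL)


def usage_keys_from_dsrk(dsrk: bytes, usage_labels):
    """What a party holding only the DSRK can compute: one DSUSRK per label."""
    return {label: kdf(dsrk, label) for label in usage_labels}


if __name__ == "__main__":
    usrk = hokey_key_direct(EMSK)
    dsrk, dsusrk = hokey_key_via_dsrk(EMSK, DOMAIN_LABEL)
    print("USRK   :", usrk.hex()[:32], "...")
    print("DSUSRK :", dsusrk.hex()[:32], "...")
    # The DSRK holder never sees the EMSK, yet reproduces the HOKEY key and
    # can derive a key for any other usage label it chooses.
    derived = usage_keys_from_dsrk(dsrk, [HOKEY_LABEL, "other-usage.example"])
    print("DSRK holder reproduces DSUSRK:", derived[HOKEY_LABEL] == dsusrk)
```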