Re: [HOKEY] EMSK key hierarchy and the DSRK

I agree with removing DSRK.  Let me explain one of Dan's points in a
different way.

The domain in DSRK is defined for the key management domain for HOKEY, and
ERX is the only usage defined for HOKEY.  It would be very hard to
justify deriving child keys from DSRK for usages other than HOKEY,
given this situation.

Yoshihiro Ohba
  

On Wed, Mar 19, 2008 at 09:45:47AM -0700, Dan Harkins wrote:
> 
>   Hello,
> 
>   My apologies for being obtuse. This Mother of All Root Keys I've been
> describing is what the EMSK Key Hierarchy calls the DSRK.
> 
>   The "HOKEY key" that the ERP/ERX draft uses can be derived in one of
> two ways:
> 
>     EMSK
>       |
>     USRK    <-- the "HOKEY key", aka rRK
> 
> or like this:
> 
>     EMSK
>       |
>     DSRK    <--- the MOARK
>       |
>    DSUSRK   <-- the "HOKEY key", aka rRK
> 
> This latter derivation is the one that will be used in practice, I believe.
> 
>   This DSRK is not properly defined and cannot be properly scoped. It
> really has nothing to do with "Handover Keying" which is what HOKEY is
> supposed to be working on. I believe the DSRK is problematic and the
> ability to derive a DSRK should be removed from the EMSK key hierarchy
> draft and the corresponding change be made to the ERP/ERX draft to remove
> reference to using a DSRK to derive HOKEY keys.
> 
>   This change would also simplify the key hierarchy and remove a
> "you can do it this way, or you can do it that way" option which
> experience has shown is a really bad idea.
> 
>   regards,
> 
>   Dan.
> 
> On Tue, March 18, 2008 6:22 pm, Dan Harkins wrote:
> >
> >   Hi Avi,
> >
> > On Tue, March 18, 2008 3:13 pm, Avi Lior wrote:
> > [snip]
> >> I suggest we discuss the issues with deriving keys from EMSK so that
> >> people can make informed decisions.  Let's keep the FUD factor low.
> >
> >   Good idea. Can we start with the Mother Of All Root Keys (MOARK) that
> > is derived from the EMSK? This seems like a particularly un-scope-able
> > and undefined key. It is not needed for Handover Keying; all HOKEY needed
> > to do was define a HOKEY-specific key from the EMSK but it didn't, it
> > defined a MOARK, and then a HOKEY-specific key is being derived from the
> > MOARK.
> >
> >   Since the MOARK is really the only key being derived from the EMSK
> > I guess this makes for a nicely constrained discussion.
> >
> >   Dan.
> >
> >
> >
> > _______________________________________________
> > IETF mailing list
> > IETF@xxxxxxxx
> > https://www.ietf.org/mailman/listinfo/ietf
> >
> 
> 
> _______________________________________________
> HOKEY mailing list
> HOKEY@xxxxxxxx
> https://www.ietf.org/mailman/listinfo/hokey
> 
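
The two derivation paths quoted above, as an added sketch that is not part of the original messages or of either draft. The KDF (an IKEv2-style prf+ over HMAC-SHA-256), the seed encoding, and every label, domain name and key value are assumptions constructed for illustration; it shows that the two paths give different rRK values and that a holder of the DSRK alone can compute a child key for any usage label.

```python
import hashlib
import hmac

def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """IKEv2-style prf+ expansion over HMAC-SHA-256 (assumed KDF)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(key, block + seed + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]

def derive_child(parent: bytes, label: str, optional: bytes = b"", length: int = 64) -> bytes:
    """child = KDF(parent, label | 0x00 | optional data | 2-octet length); encoding assumed."""
    seed = label.encode("ascii") + b"\x00" + optional + length.to_bytes(2, "big")
    return prf_plus(parent, seed, length)

# Constructed sample values, not taken from the drafts.
EMSK = bytes(range(64))
HOKEY_LABEL = "hokey-usage@example.org"   # hypothetical usage label
OTHER_LABEL = "other-usage@example.org"   # hypothetical second usage
DSRK_LABEL = "dsrk@example.org"           # hypothetical DSRK label
DOMAIN = b"domain-a.example"              # hypothetical domain name

def rrk_direct(emsk: bytes) -> bytes:
    """Path 1: EMSK -> USRK (the rRK)."""
    return derive_child(emsk, HOKEY_LABEL)

def dsrk(emsk: bytes, domain: bytes) -> bytes:
    """Intermediate domain root key: EMSK -> DSRK."""
    return derive_child(emsk, DSRK_LABEL, domain)

def rrk_via_dsrk(emsk: bytes, domain: bytes) -> bytes:
    """Path 2: EMSK -> DSRK -> DSUSRK (the rRK)."""
    return derive_child(dsrk(emsk, domain), HOKEY_LABEL)

def reachable_from(parent: bytes, labels: list[str]) -> dict[str, bytes]:
    """Every child key a holder of `parent` can compute, one per usage label."""
    return {label: derive_child(parent, label) for label in labels}

if __name__ == "__main__":
    domain_root = dsrk(EMSK, DOMAIN)  # what a domain server would hold
    for label, key in reachable_from(domain_root, [HOKEY_LABEL, OTHER_LABEL]).items():
        print(label, key.hex()[:16])
    print("paths agree:", rrk_direct(EMSK) == rrk_via_dsrk(EMSK, DOMAIN))
```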