The current draft text specifies the following for key derivation:

   Type-Code  = 0x0D
   MSK        = TLS-Exporter("EXPORTER_EAP_TLS_MSK_"+Type-Code,
                               "",64)
   EMSK       = TLS-Exporter("EXPORTER_EAP_TLS_EMSK_"+Type-Code,
                               "",64)
   Method-Id  = TLS-Exporter("EXPORTER_EAP_TLS_Method-Id_"+Type-Code,
                               "",64)
   Session-Id = Type-Code || Method-Id

   A zero-length context (indicated by "") is used in the TLS exporter
   interface.  The EAP-TLS Type-Code of '0D' (in hexadecimal) is
   appended to the label strings.  Other TLS based EAP methods can use
   exporters in a similar fashion by replacing the EAP-TLS Type-Code
   with their own Type-Code (encoded as a hexadecimal string).


The main alternative proposals are to 1) include identity information
in the context and 2) include the type code in the context instead of
the label.

1) has not received support from the working group.

2) is a viable alternative, but it really isn't in the spirit of the context.


The proposed resolution is to use the type-code in the label as
defined above and in draft-14.  Please comment on this thread if you
disagree.


Cheers,


Joe
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
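
The derivation quoted in the message above, worked through as an added example (not part of the original message or of the draft). It assumes the TLS 1.3 exporter construction from RFC 8446 Section 7.5 with SHA-256, reads "+Type-Code" as appending the two-character string "0D" to the label, and uses a constructed exporter secret; the function names are illustrative.

```python
import hashlib
import hmac

HASH = hashlib.sha256  # assumption: the negotiated cipher suite uses SHA-256


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand from RFC 5869."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """HKDF-Expand-Label from RFC 8446, Section 7.1."""
    full = b"tls13 " + label
    info = (length.to_bytes(2, "big") + bytes([len(full)]) + full
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length)


def tls_exporter(exporter_secret: bytes, label: str, context: bytes, length: int) -> bytes:
    """TLS 1.3 exporter from RFC 8446, Section 7.5."""
    derived = hkdf_expand_label(exporter_secret, label.encode("ascii"),
                                HASH(b"").digest(), HASH().digest_size)
    return hkdf_expand_label(derived, b"exporter", HASH(context).digest(), length)


def eap_keys(exporter_secret: bytes, type_code: int = 0x0D) -> dict:
    """Derive MSK, EMSK, Method-Id and Session-Id with the type code in the label."""
    suffix = f"{type_code:02X}"  # reading of the draft: 0x0D becomes the string "0D"
    out = {name: tls_exporter(exporter_secret, f"EXPORTER_EAP_TLS_{name}_{suffix}", b"", 64)
           for name in ("MSK", "EMSK", "Method-Id")}
    out["Session-Id"] = bytes([type_code]) + out["Method-Id"]
    return out


if __name__ == "__main__":
    secret = bytes(range(32))  # constructed exporter_master_secret, not from a real handshake
    for name, value in eap_keys(secret).items():
        print(name, value.hex())
```

Calling eap_keys with another method's type code changes every label, so two TLS-based EAP methods running over the same TLS session export unrelated keys.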
