The current draft text specifies the following for key derivation:

   Type-Code  = 0x0D
   MSK        = TLS-Exporter("EXPORTER_EAP_TLS_MSK_"+Type-Code, "",64)
   EMSK       = TLS-Exporter("EXPORTER_EAP_TLS_EMSK_"+Type-Code, "",64)
   Method-Id  = TLS-Exporter("EXPORTER_EAP_TLS_Method-Id_"+Type-Code, "",64)
   Session-Id = Type-Code || Method-Id

A zero-length context (indicated by "") is used in the TLS exporter interface. The EAP-TLS Type-Code of '0D' (in hexadecimal) is appended to the label strings. Other TLS based EAP methods can use exporters in a similar fashion by replacing the EAP-TLS Type-Code with their own Type-Code (encoded as a hexadecimal string).

The main alternative proposals are to 1) include identity information in the context and 2) include the type code in the context instead of the label.

1) has not received support from the working group.
2) is a viable alternative, but it really isn't in the spirit of the context.

The proposed resolution is to use the type-code in the label as defined above and in draft-14. Please comment on this thread if you disagree.

Cheers,

Joe
_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
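
The derivation quoted in the message above, worked through as an added example that is not part of the original message or the draft. It implements the TLS 1.3 exporter from RFC 8446 section 7.5 by hand so the role of the label and the zero-length context is visible. Assumptions: SHA-256 as the cipher suite hash, the Type-Code appended to the label as the two-character string "0D", and a constructed exporter master secret in place of a real handshake.

```python
import hashlib
import hmac

H = hashlib.sha256          # assumption: cipher suite hash is SHA-256
TYPE_CODE = 0x0D            # EAP-TLS, from the message above

def hkdf_expand(prk, info, length):
    """HKDF-Expand (RFC 5869, section 2.3)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), H).digest()
        out += block
        counter += 1
    return out[:length]

def hkdf_expand_label(secret, label, context, length):
    """HKDF-Expand-Label (RFC 8446, section 7.1): builds the HkdfLabel struct."""
    full = b"tls13 " + label
    if len(full) > 255 or len(context) > 255:
        raise ValueError("label or context too long for HkdfLabel")
    info = (length.to_bytes(2, "big") + bytes([len(full)]) + full
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length)

def tls13_exporter(exporter_master_secret, label, context, length):
    """TLS-Exporter(label, context, length) per RFC 8446, section 7.5."""
    derived = hkdf_expand_label(exporter_master_secret, label,
                                H(b"").digest(), H().digest_size)
    return hkdf_expand_label(derived, b"exporter", H(context).digest(), length)

def eap_tls_keys(exporter_master_secret, type_code=TYPE_CODE):
    """Derive MSK, EMSK, Method-Id and Session-Id as listed in the message."""
    suffix = ("%02X" % type_code).encode()   # assumed encoding: 0x0D -> "0D"
    def export(name):
        label = b"EXPORTER_EAP_TLS_" + name + b"_" + suffix
        return tls13_exporter(exporter_master_secret, label, b"", 64)
    method_id = export(b"Method-Id")
    return {"MSK": export(b"MSK"), "EMSK": export(b"EMSK"),
            "Method-Id": method_id,
            "Session-Id": bytes([type_code]) + method_id}

# Constructed sample secret; a real TLS stack never exposes this value and
# offers an exporter API instead.
SAMPLE_SECRET = bytes(range(32))

if __name__ == "__main__":
    for name, value in eap_tls_keys(SAMPLE_SECRET).items():
        print(name, value.hex())
```

Because the Type-Code sits in the label, another TLS-based EAP method running over the same TLS session derives unrelated keys, which is the separation the label-versus-context discussion is about.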