On May 9, 2021, at 1:54 PM, Joseph Salowey <[email protected]> wrote:
>
> We had discussion on the list on whether to include context in the key
> derivation, but we never closed on the issue of separating out the MSK and
> EMSK derivation. As a result several implementers have gone down the path of
> implementing what is in draft 13 and not separating out the derivation. The
> main difference is that draft 15 separated out the EMSK and MSK derivation
> using two different labels while draft 13 used a single label to derive key
> material which is partitioned into two keys. The reason for the change was
> to enable different access control for these two different quantities for
> different callers, however in practice it is EAP-TLS application which needs
> access to both keys that is the caller of the TLS library so this separation
> is not particularly useful. Therefore the recommendation is to align with
> implementation and derive the MSK and EMSK by partitioning the key material
> from the key material produced by a single label of the exporter function.
>
> Please respond to the list if you support the change below or not to revert
> some of the text in the key derivation section. If you object to the change
> please state why. Please respond by May 20, 2021.
We should revert to the -13 key derivations.

Alan DeKok.

_______________________________________________
Emu mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/emu
