On May 9, 2021, at 1:54 PM, Joseph Salowey <[email protected]> wrote:
> 
> We had discussion on the list on whether to include context in the key 
> derivation, but we never closed on the issue of separating out the MSK and 
> EMSK derivation.  As a result several implementers have gone down the path of 
> implementing what is in draft 13 and not separating out the derivation.  The 
> main difference is that draft 15 separated out the EMSK and MSK derivation 
> using two different labels while draft 13 used a single label to derive key 
> material which is partitioned into two keys.   The reason for the change was 
> to enable different access control for these two different quantities for 
> different callers, however in practice it is the EAP-TLS application which needs 
> access to both keys that is the caller of the TLS library so this separation 
> is not particularly useful.   Therefore the recommendation is to align with 
> implementation and derive the MSK and EMSK by partitioning the key material 
> from the key material produced by a single label of the exporter function. 
> 
> Please respond to the list if you support the change below or not to revert 
> some of the text in the key derivation section.  If you object to the change 
> please state why.  Please respond by May 20, 2021.

  We should revert to the -13 key derivations.

  Alan DeKok.

_______________________________________________
Emu mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/emu
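
The two derivation styles discussed in this thread, as an added example that is not part of the original messages or of any EAP-TLS implementation: the TLS 1.3 exporter (RFC 8446, section 7.5) is used once with a single label and the output partitioned, and then twice with separate labels. The label strings, the context value, the exporter secret, the SHA-256 hash and the 64-octet key lengths are assumptions made for illustration; the drafts define the real values.

```python
import hashlib
import hmac

HASH = hashlib.sha256  # assumption: the negotiated cipher suite uses SHA-256

def hkdf_expand(prk, info, length):
    """HKDF-Expand (RFC 5869)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]

def hkdf_expand_label(secret, label, context, length):
    """HKDF-Expand-Label (RFC 8446, section 7.1); the length is part of the info."""
    full = b"tls13 " + label
    info = (length.to_bytes(2, "big") + bytes([len(full)]) + full
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length)

def tls13_exporter(exporter_secret, label, context, length):
    """TLS-Exporter (RFC 8446, section 7.5)."""
    derived = hkdf_expand_label(exporter_secret, label,
                                HASH(b"").digest(), HASH().digest_size)
    return hkdf_expand_label(derived, b"exporter", HASH(context).digest(), length)

def derive_partitioned(exporter_secret, label, context):
    """Single label: export 128 octets, then split into MSK and EMSK."""
    key_material = tls13_exporter(exporter_secret, label, context, 128)
    return key_material[:64], key_material[64:]

def derive_two_labels(exporter_secret, msk_label, emsk_label, context):
    """Separate labels: one 64-octet exporter call per key."""
    return (tls13_exporter(exporter_secret, msk_label, context, 64),
            tls13_exporter(exporter_secret, emsk_label, context, 64))

# Constructed sample inputs; the labels are placeholders, not the drafts' labels.
SECRET = bytes(range(32))          # stands in for the TLS exporter secret
CONTEXT = b"\x0d"                  # constructed context value
KM_LABEL, MSK_LABEL, EMSK_LABEL = b"EXAMPLE_KEY_MATERIAL", b"EXAMPLE_MSK", b"EXAMPLE_EMSK"

if __name__ == "__main__":
    for name, keys in (("partitioned", derive_partitioned(SECRET, KM_LABEL, CONTEXT)),
                       ("two labels", derive_two_labels(SECRET, MSK_LABEL, EMSK_LABEL, CONTEXT))):
        print(name, "MSK", keys[0].hex()[:16], "EMSK", keys[1].hex()[:16])
```

Peers that pick different styles end up with different MSK and EMSK values from the same TLS session, which is why the drafts and the deployed implementations have to agree on one of them.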
