> From: Artur Hecker > To: [EMAIL PROTECTED] > Cc: Raghu > Sent: 8/2/2002 5:46 PM > Subject: Re: question about EAP danymic keys generation
> Raghu, Henrik: please correct/complete my input. I'm not Raghu or Henrik, but your description is correct. One minor detail you didn't include is that the supplicant and authentication server derives two (256-bit) keys. One is used to encrypt the key field in the EAPOL-Key message and the other is used to sign it. > Personal remark: i said it doesn't matter much, because in my opinion > there are better ways to do that. i would probably never send any > unicast keys to the supplicant since it can produce them on his own, but > ok, it seems to work in this way for whatever reason. I guess that one advantage with doing it this way is that it is possible to rekey (update the WEP keys) without redoing the TLS authentication. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
