
RE: [HOKEY] Last Call: draft-ietf-hokey-erx (EAP Extensions for EAP Re-authentication Protocol (ERP)) to Proposed Standard

2008-02-16 15:18:28
...

  Can you tell me one use for a key name that is an incomprehensible
string of random bits? 

  "Delete all keys associated with 0x58d610a8ff4128c9"

  "uhm, ok"

If not then don't you agree the current key naming scheme is
completely useless? 

I don't think that it's really much worse for the purposes you describe
than a name based on EAP Session-Id, since the Session-Id is itself
pretty close to being an "incomprehensible string of random bits".  From
draft-ietf-eap-keying-22.txt: 'Where non-expanded EAP Type Codes are
used (EAP Type Code not equal to 254), the EAP Session-Id is the
concatenation of the single octet EAP Type Code and a temporally unique
identifier obtained from the method (known as the Method-Id)...The
Method-Id is typically constructed from nonces or counters used within
the EAP method exchange.'

Doesn't sound particularly readable to me; in any case, I don't think
that it really matters (for the purposes you describe, however unlikely
they may be) what the key name looks like.  What matters is how easy it
is to find the key, which depends upon the structure of the database in
which it resides.


  Dan.