For what it is worth, this ex-EAP co-chair also thinks that the use of
EAP keys for applications is a very bad idea. And I too am concerned
about introducing walled gardens through this.

Having said that, I think there are legitimate uses of EMSK in the area
of network access, such as various fast handover proposals in EAP. My
understanding is that HOKEY is working on this. So perhaps one potential
direction for resolving your issues is to provide a much stricter IANA
section and an applicability note.

I realize that this does not prevent people from grabbing values. But I
note that I know of one case at least where this has already happened,
even without an IETF specification. Arguably the situation with a
(sufficiently tight) spec might be better, because we can use the spec
to explain what usage is inappropriate. I realize we have RFC 3748
already, but since use of EMSK has been an IETF topic for 5+ years, I
think it would be reasonable to state what the final rules are on taking
specific keys out of the EMSK.

Disclaimer: I read the draft very quickly after your note, and have not
done a full review. I will do a very in-depth review when this document
comes to the IESG.
IETF mailing list