[Top] [All Lists]

EMSK key hierarchy and the DSRK

2008-03-19 09:46:18


  My apologies for being obtuse. This Mother of All Root Keys I've been
describing is what the EMSK Key Hierarchy calls the DSRK.

  The "HOKEY key" that the ERP/ERX draft uses can be derived in one of
two ways:

    USRK    <-- the "HOKEY key", aka rRK

or like this:

    DSRK    <--- the MOARK
   DSUSRK   <-- the "HOKEY key", aka rRK

This latter derivation is the one that will be used in practice, I believe.

  This DSRK is not properly defined and cannot be properly scoped. It
really has nothing to do with "Handover Keying" which is what HOKEY is
supposed to be working on. I believe the DSRK is problematic and the
ability to derive a DSRK should be removed from the ESMK key hierarchy
draft and the corresponding change be made to the ERP/ERX draft to remove
reference to using a DSRK to derive HOKEY keys.

  This change would also simplify the key hierarchy and remove a
"you can do it this way, or you can do it that way" option which
experience has shown is a really bad idea.



On Tue, March 18, 2008 6:22 pm, Dan Harkins wrote:

  Hi Avi,

On Tue, March 18, 2008 3:13 pm, Avi Lior wrote:
I suggest we discuss the issues with deriving keys from EMSK so that
people can make informed decisions.  Lets keep the FUD factor low.

  Good idea. Can we start with the Mother Of All Root Keys (MOARK) that
is derived from the EMSK? This seems like a particularly un-scope-able
and undefined key. It is not needed for Handover Keying; all HOKEY needed
to do was define a HOKEY-specific key from the EMSK but it didn't, it
defined a MOARK, and then a HOKEY-specific key is being derived from the

  Since the MOARK is really the only key being derived from the EMSK
I guess this makes for a nicely constrained discussion.


IETF mailing list

IETF mailing list