Re: EMSK key hierarchy and the DSRK

On Wed, March 19, 2008 9:53 am, Lakshminath Dondeti wrote:
> The DSRK can be scoped just as the EMSK can be scoped.
  Really? Is there any context that it can be bound to?

  Furthermore, what is the _purpose_ of this key? Why would someone choose
to derive a DSRK or choose not to derive a DSRK for some particular
hierarchy? If it's just a "some like coke while others like pepsi" kind
of argument then that's just more reason to get rid of it. Experience
from the glamor ciphers and hash algorithms in IKE shows that such
pointless options really have a deleterious affect on the standard.

  regards,

  Dan.

> regards,
> Lakshminath
>
> On 3/19/2008 9:45 AM, Dan Harkins wrote:
> >   Hello,
> >
> >   My apologies for being obtuse. This Mother of All Root Keys I've been
> > describing is what the EMSK Key Hierarchy calls the DSRK.
> >
> >   The "HOKEY key" that the ERP/ERX draft uses can be derived in one of
> > two ways:
> >
> >     EMSK
> >       |
> >     USRK    <-- the "HOKEY key", aka rRK
> >
> > or like this:
> >
> >     EMSK
> >       |
> >     DSRK    <--- the MOARK
> >       |
> >    DSUSRK   <-- the "HOKEY key", aka rRK
> >
> > This latter derivation is the one that will be used in practice, I
> > believe.
> >
> >   This DSRK is not properly defined and cannot be properly scoped. It
> > really has nothing to do with "Handover Keying" which is what HOKEY is
> > supposed to be working on. I believe the DSRK is problematic and the
> > ability to derive a DSRK should be removed from the ESMK key hierarchy
> > draft and the corresponding change be made to the ERP/ERX draft to
> > remove
> > reference to using a DSRK to derive HOKEY keys.
> >
> >   This change would also simplify the key hierarchy and remove a
> > "you can do it this way, or you can do it that way" option which
> > experience has shown is a really bad idea.
> >
> >   regards,
> >
> >   Dan.
> >
> > On Tue, March 18, 2008 6:22 pm, Dan Harkins wrote:
> > >   Hi Avi,
> > >
> > > On Tue, March 18, 2008 3:13 pm, Avi Lior wrote:
> > > [snip]
> > > > I suggest we discuss the issues with deriving keys from EMSK so that
> > > > people can make informed decisions.  Lets keep the FUD factor low.
> > >   Good idea. Can we start with the Mother Of All Root Keys (MOARK) that
> > > is derived from the EMSK? This seems like a particularly un-scope-able
> > > and undefined key. It is not needed for Handover Keying; all HOKEY
> > > needed
> > > to do was define a HOKEY-specific key from the EMSK but it didn't, it
> > > defined a MOARK, and then a HOKEY-specific key is being derived from
> > > the
> > > MOARK.
> > >
> > >   Since the MOARK is really the only key being derived from the EMSK
> > > I guess this makes for a nicely constrained discussion.
> > >
> > >   Dan.
> > >
> > >
> > >
> > > _______________________________________________
> > > IETF mailing list
> > > IETF(_at_)ietf(_dot_)org
> > > https://www.ietf.org/mailman/listinfo/ietf
> >
> > _______________________________________________
> > IETF mailing list
> > IETF(_at_)ietf(_dot_)org
> > https://www.ietf.org/mailman/listinfo/ietf

_______________________________________________
IETF mailing list
IETF(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf