"Derivation, delivery and management of EAP based keys for handover and re-authentication", Yoshihiro Ohba, 19-Oct-08. ( bytes): This document describes a mechanism for delivering a usage-specific root key (USRK), a domain-specific root key (DSRK) and a usage- specific domain-specific root key (USDSRK) using RADIUS. The root keys are derived as part of an Extended Master Session Key (EMSK) hierarchy in Extensible Authentication Protocol (EAP), and delivered from a server to an intended third-party key holder. The mechanism supports different scenarios for key delivery, depending on the type of keys being delivered. The mechanism description includes the definition for a key distribution exchange (KDE) protocol.
"EAP Pre-authentication Problem Statement", Yoshihiro Ohba, 9-Sep-08. ( bytes): EAP (Extensible Authentication Protocol) pre-authentication is defined as the use of EAP to pre-establish EAP keying material on a target authenticator prior to arrival of the peer at the access network managed by that authenticator. This draft discusses EAP pre- authentication problems in detail.

IETF Secretariat - Please send questions, comments, and/or suggestions to ietf-web@ietf.org.