EAP MSK: how is it transported between server and authenticator
Phil Mayers
p.mayers at imperial.ac.uk
Fri Oct 10 14:25:15 CEST 2008
Richard Chan wrote:
> Simul-posting - tks! - I think that answers my question on what goes on in
> real deployments today.
>
> I have a couple of quibbles though:
>
>
> "You don't give the MSK to the NAS, that would defeat the entire point -
> MSK is private between the radius server and EAP client, and is used to
> derive further keys."
>
> According to RFC5247 the MSK is potentially transported to the NAS in
> what it calls Phase Ib 'AAA Key transport'.
Yes sorry, as per my other email I am getting my terminology confused.
More information about the Freeradius-Users
mailing list