EAP MSK: how is it transported between server and authenticator

Phil Mayers p.mayers at imperial.ac.uk
Fri Oct 10 14:25:15 CEST 2008


Richard Chan wrote:
> Simul-posting - tks! - I think that answers my question on what goes on in
> real deployments today.
> 
> I have a couple of quibbles though:
> 
> 
> "You don't give the MSK to the NAS, that would defeat the entire point - 
> MSK is private between the radius server and EAP client, and is used to 
> derive further keys."
> 
> According to RFC 5247 the MSK is potentially transported to the NAS in 
> what it calls Phase Ib 'AAA Key transport'.

Yes, sorry, as per my other email I am getting my terminology confused.



More information about the Freeradius-Users mailing list