Specification for the Derivation of Usage Specific Root Keys (USRK) from an Extended Master Session Key (EMSK)

Document Type Replaced Internet-Draft (individual)
Last updated 2008-12-01 (latest revision 2006-06-27)
Replaced by draft-ietf-hokey-emsk-hierarchy
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Replaced by draft-ietf-hokey-emsk-hierarchy
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


An Extended Master Session Key (EMSK) is a cryptographic key generated from an Extensible Authentication Protocol (EAP) exchange reserved solely for the purpose of deriving master keys for one or more purposes identified as usage definitions. This document specifies a mechanism for deriving cryptographically separate root keys from the EMSK, called usage specific root Keys (USRK). The document provides a set of requirements for avoiding conflicts between usage definitions to ensure this cryptographic separation. The USRK is used according to the usage definition defined for a specific purpose.


Joseph Salowey (jsalowey@cisco.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)