Specification for the Derivation of Root Keys from an Extended Master Session Key (EMSK)
RFC 5295
Document Type RFC - Proposed Standard (August 2008; Errata)
Last updated 2015-10-14
Replaces draft-salowey-eap-emsk-deriv
Stream IETF
Formats plain text pdf htmlized with errata bibtex
Reviews
SECDIR Last Call Review
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 5295 (Proposed Standard)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Tim Polk
Send notices to (None)
Email authors Email WG IPR References Referenced by Nits 
Network Working Group                                         J. Salowey
Request for Comments: 5295                                 Cisco Systems
Updates: 5247                                                 L. Dondeti
Category: Standards Track                                   V. Narayanan
                                                           Qualcomm, Inc
                                                             M. Nakhjiri
                                                                Motorola
                                                             August 2008

             Specification for the Derivation of Root Keys
               from an Extended Master Session Key (EMSK)

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Abstract

   The Extensible Authentication Protocol (EAP) defined the Extended
   Master Session Key (EMSK) generation, but reserved it for unspecified
   future uses.  This memo reserves the EMSK for the sole purpose of
   deriving root keys.  Root keys are master keys that can be used for
   multiple purposes, identified by usage definitions.  This document
   also specifies a mechanism for avoiding conflicts between root keys
   by deriving them in a manner that guarantees cryptographic
   separation.  Finally, this document also defines one such root key
   usage: Domain-Specific Root Keys are root keys made available to and
   used within specific key management domains.

Salowey, et al.             Standards Track                     [Page 1]
RFC 5295                EMSK Root Key Derivation             August 2008

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
     1.1.  Applicable Usages of Keys Derived from the EMSK  . . . . .  3
     1.2.  Terminology  . . . . . . . . . . . . . . . . . . . . . . .  5
   2.  Cryptographic Separation and Coordinated Key Derivation  . . .  6
   3.  EMSK Key Root Derivation Framework . . . . . . . . . . . . . .  7
     3.1.  USRK Derivation  . . . . . . . . . . . . . . . . . . . . .  8
       3.1.1.  On the KDFs  . . . . . . . . . . . . . . . . . . . . .  9
       3.1.2.  Default KDF  . . . . . . . . . . . . . . . . . . . . .  9
     3.2.  EMSK and USRK Name Derivation  . . . . . . . . . . . . . . 10
   4.  Domain-Specific Root Key Derivation  . . . . . . . . . . . . . 11
     4.1.  Applicability of Multi-Domain Usages . . . . . . . . . . . 12
   5.  Requirements for Usage Definitions . . . . . . . . . . . . . . 13
     5.1.  Root Key Management Guidelines . . . . . . . . . . . . . . 13
   6.  Requirements for EAP System  . . . . . . . . . . . . . . . . . 14
   7.  Security Considerations  . . . . . . . . . . . . . . . . . . . 15
     7.1.  Key Strength . . . . . . . . . . . . . . . . . . . . . . . 15
     7.2.  Cryptographic Separation of Keys . . . . . . . . . . . . . 15
     7.3.  Implementation . . . . . . . . . . . . . . . . . . . . . . 15
     7.4.  Key Distribution . . . . . . . . . . . . . . . . . . . . . 16
     7.5.  Key Lifetime . . . . . . . . . . . . . . . . . . . . . . . 16
     7.6.  Entropy Consideration  . . . . . . . . . . . . . . . . . . 16
   8.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 16
     8.1.  Key Labels . . . . . . . . . . . . . . . . . . . . . . . . 17
     8.2.  PRF Numbers  . . . . . . . . . . . . . . . . . . . . . . . 18
   9.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 18
   10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 19
     10.1. Normative References . . . . . . . . . . . . . . . . . . . 19
     10.2. Informative References . . . . . . . . . . . . . . . . . . 19

Salowey, et al.             Standards Track                     [Page 2]
RFC 5295                EMSK Root Key Derivation             August 2008

1.  Introduction

   This document deals with keys generated by authenticated key exchange
   mechanisms defined within the EAP framework [RFC3748].  EAP defines
   two types of keying material: a Master Session Key (MSK) and an
   Extended Master Session Key (EMSK).  The EAP specification implicitly
   assumes that the MSK produced by EAP will be used for a single
   purpose at a single device; however, it does reserve the EMSK for
   future use.  This document defines the EMSK to be used solely for
   deriving root keys using the key derivation specified.  The root keys
   are meant for specific purposes called usages; a special usage class
   is the Domain-Specific Root Keys made available to and used within
   specific key management domains.  This document also provides
   guidelines for creating usage definitions for the various uses of EAP
Show full document text
RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools