{"draft":"draft-ietf-hokey-key-mgm-13","doc_id":"RFC5749","title":"Distribution of EAP-Based Keys for Handover and Re-Authentication","authors":["K. Hoeper, Ed.","M. Nakhjiri","Y. Ohba, Ed."],"format":["ASCII","HTML"],"page_count":"12","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"Handover Keying","abstract":"This document describes an abstract mechanism for delivering root\r\nkeys from an Extensible Authentication Protocol (EAP) server to\r\nanother network server that requires the keys for offering security\r\nprotected services, such as re-authentication, to an EAP peer.  The\r\ndistributed root key can be either a usage-specific root key (USRK),\r\na domain-specific root key (DSRK), or a domain-specific usage-\r\nspecific root key (DSUSRK) that has been derived from an Extended\r\nMaster Session Key (EMSK) hierarchy previously established between\r\nthe EAP server and an EAP peer.  This document defines a template for\r\na key distribution exchange (KDE) protocol that can distribute these\r\ndifferent types of root keys using a AAA (Authentication,\r\nAuthorization, and Accounting) protocol and discusses its security\r\nrequirements.  The described protocol template does not specify\r\nmessage formats, data encoding, or other implementation details.  It\r\nthus needs to be instantiated with a specific protocol (e.g., RADIUS\r\nor Diameter) before it can be used.  [STANDARDS-TRACK]","pub_date":"March 2010","keywords":["[--------]","security","authentication","mobility","EAP","key management","key distribution"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC5749","errata_url":"https:\/\/www.rfc-editor.org\/errata\/rfc5749"}