Please comment on the clarifications on keying material provided below. I know it's too late to get into the ballot; however, I do value your comments.

An SA's keying material [e.g. Data Encryption Standard (DES) key and CTC Initialization Vector] has a limited lifetime. When the BS delivers SA keying material to an SS, it also provides the SS with that material's remaining lifetime. It is the responsibility of the SS to request new keying material from the BS before the set of keying material that the SS currently holds expires at the BS. Should the current keying material expire before a new set of keying material is received, the SS shall perform network entry as described in 6.3.9. Should the authorization keying material or keying material associated with the primary SA expire, the SS shall perform network entry as described in 6.3.9. Should the keying material associated with a static or dynamic SA expire, the BS removes SA keying material. The PKM protocol specifies how SS and BS maintain key synchronization.

Thanks,
Steve