So, When a STA has associated with an AP, and starts the EAP-TLS (or any other EAP method) process, it exhchages its certs mutually bla bla bla, and all is good, we get an eap-sucess message.
Now, in the radius portion of the eap-sucess message, the AS sends the AP (authentication) the MSK that the AS has generated by some means.
Great, AS has an MSK and now can derive the PMK
Now the questions
1. What about the supplicant, what does he use for the MSK?
2. Does the AS send the supplicant the same MSK?
3. If the supplicant and AS are generating different MSKs, is there some sort of link between them that when they dervive their PMKs, the work together?
4. How is the actual MSK derived, is it from the eap-identity-request packets in the early stages of the eap exchange, of if using eap-tls, is another parameter taken from the certificate to generate the MSK?
HELP PLEASE - ITS DRIVING ME MAD.
Thanks to all,