What's got me thinking is the "important note". When they say "the radio loses all of its keys" it sounds to me like they mean ALL of the keys, not just TEKs but also all the KEKs as well, and this is a request for the KMF to send a new KEK to facilitate re-keying the TEKs. Otherwise, if the KEKs were still present then OTAR would still be possible with a simple re-key request and this exchange would not be necessary.

Astro25 CPS wrote:
OTAR Generate Key-Loss Key
(Secure Configuration, General)
Definition
Enables the radio to automatically transmit a Key-Loss Key signal notifying the ASTRO OTAR or the MDC OTAR Key Management Facility (KMF) that a new encryption key is needed for the current radio. This new encryption key is used for encrypting OTAR (Over-The-Air-Rekeying) messages. Once the KMF receives the Key-Loss Key signal, a new encryption key is transmitted to the radio for the purpose of receiving additional encryption keys.
Important Note
When disabled, if the radio loses all of its keys, it is then not possible to rekey the radio over the air.
My question is what exactly is going back and forth between the subscriber and the KMF in the Key-loss key signal exchange if the radio now has no KEKs in it to decode inbound KMF messages? The key-less radio is obviously saying "I need a new KEK" but how is the KMF getting the new KEK back to the radio without sending it in the clear, or is it doing just that?
Thanks for any insight.