RE: Certificates, Discovery Request/Reply, and validation.
From: Pat R. Calhoun (pcalhounairespace.com)
Date: 22 Jul 2003 19:48:12 -0000
>> So how does the AP know that 802.1x will be required for a 
>> given mobile?
>
> Why does the AP need to know this? The AP needs to be capable
> of authenticating a station irrespective of whether it is 
> 802.1x capable or not (HTTP redirect).

Well, clearly a policy needs to be satisfied before the user is granted access. 
Further, if 802.1x is required, then the AP needs to know because the beacons 
over the air must indicate that encryption will be required (here I am assuming 
802.11 because the AP MUST be involved in encryption in the PANA architecture, 
so there is a message required from the AR to the AP with the specific keys, 
which of course needs to be secured).

So if you have two SSIDs (one for 802.1x and one for HTTP redirect), you need 
two SSIDs (or one SSID advertised in two different ways), probably with 
different BSSIDs in order to really interoperate with today's clients.

>> How does the AP get the 802.1x keys that it 
>> must use with the mobile? How does the AR handle load 
>> balancing? How does the AR handle 802.11e and 802.11i, or 
>> should the AP do it? What about 802.11h? What about 802.11k?
>
> Hmmm... At least PANA does not have any goals or objectives of
> dealing with all these issues.

Correct. Hence the biggest difference between PANA and LWAPP/CAPWAP.

>> 
>> You see, the PANA architecture really only touches the tip of 
>> the iceberg. Moving towards a LWAPP architecture solves these 
>> issues, and significantly reduces the amount of protocol work 
>> required between the AP and the AR (because 802.11 terminates 
>> in the AR, so 802.11 *is* the protocol).
>> 
>> We seem to be focused on EAP only, but again, I think the 
>> problem is much greater in scope - hence CAPWAP.
>
> I missed the CAPWAP BOF at IETF57. Is there an issue w.r.t the
> scope of PANA and CAPWAP? The thread seems to indicate that to be
> the case.

Yes, a point raised numerous times by Alper.

> The CAPWAP objective may be to solve a greater set of
> problems for 802.* networks. PANA is not a solution that is specific
> to 802.* networks. There may be overlap in functionality but 
> I don't think that is necessarily a problem.

ok

PatC
