Re: [Issue 200] channel binding threats
From: Bernard Aboba (abobainternaut.com)
Date: Sun, 30 Nov 2003 10:20:54 -0600 (CST)
It seems to me that the "false SSID" attack brought up by Michael
Richardson as part of the "network selection" thread is another variation
on the "channel binding" attack that is discussed in Issue 200.  That is,
the AP advertises an SSID to the user, but presumably does not include
this SSID in the Called-Station-Id sent to the AAA server.

Can someone take a look at the proposed resolution of Issue 200 and
determine whether the issue is being adequately handled?  My understanding
is that including an exchange of SSIDs within the EAP method would allow
the station and AAA server to determine that the AP had launched this
attack.
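
The check described in the message above, as an added example that is not part of the original post or of any EAP method specification: the station reports the SSID it saw inside the method, and the AAA server compares it with what the AP put in Called-Station-Id. Assumptions: Called-Station-Id uses the RFC 3580 "MAC:SSID" form with a hyphen-separated MAC, HMAC-SHA256 under a key shared by station and server stands in for the method's integrity protection, and the function names and the "chbind-ssid" label are hypothetical.

```python
import hashlib
import hmac

LABEL = b"chbind-ssid"  # hypothetical domain-separation label


def parse_called_station_id(value):
    """Split "MAC:SSID" into (mac, ssid); ssid is None if the AP sent only a MAC."""
    mac, sep, ssid = value.partition(":")
    return mac.upper(), (ssid if sep and ssid else None)


def peer_binding(key, ssid_seen):
    """Station side: the SSID it saw advertised, plus a tag under the method key."""
    data = ssid_seen.encode("utf-8")
    return data, hmac.new(key, LABEL + data, hashlib.sha256).digest()


def server_check(key, data, tag, called_station_id):
    """AAA side: verify the station's claim, then compare it with the AP's report."""
    expected = hmac.new(key, LABEL + data, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return "bad-mac"            # claim was altered on the path through the AP
    _, ssid_from_ap = parse_called_station_id(called_station_id)
    if ssid_from_ap is None:
        return "no-ssid-reported"   # nothing to compare against; policy decides
    if ssid_from_ap.encode("utf-8") != data:
        return "mismatch"           # AP told station and AAA server different SSIDs
    return "match"


if __name__ == "__main__":
    key = bytes(range(32))  # constructed key, stands in for a method-derived key
    data, tag = peer_binding(key, "corp-wlan")
    # Constructed Called-Station-Id values as an AP might place them in a request.
    for csid in ("00-10-A4-23-19-C0:corp-wlan",
                 "00-10-A4-23-19-C0:guest",
                 "00-10-A4-23-19-C0"):
        print(csid, "->", server_check(key, data, tag, csid))
```

The "no-ssid-reported" result is the case the message raises: the server cannot confirm the SSID unless the AP is required to include it, so local policy has to decide whether that outcome is acceptable.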
