RE: Issue 286: Security
From: Bari, Farooq (Farooq.Bari [at] cingular.com)
Date: Sun, 13 Feb 2005 20:47:11 -0500 (EST)
Hi Bernard,

Pls see my comments below.

> -----Original Message-----
> From: eap-admin [at] frascone.com [mailto:eap-admin [at] frascone.com] On Behalf Of
> Bernard Aboba
> Sent: Sunday, February 13, 2005 12:09 PM
> To: eap [at] frascone.com
> Subject: [eap] Issue 286: Security
> 
> It seems that the crux of the issue here is the appropriateness of the
> network disclosure mechanisms.
> 
> For example, as I understand it in 802.11u, there is a proposal whereby
> the STA would disclose the networks with which it has a relationship in
> the Probe Request, and the AP would respond with the subset of that list
> that it supports in the Probe Response.
> 
> The discovery mechanism in this draft is somewhat different:  the AAA
> proxy discloses its roaming relationships to the peer without the peer
> first indicating what networks it supports.
> 
> The questions this issue raises are:
> 
> 1. Is the disclosure negotiation described in this document appropriate?
>    What are the security implications?
> 
> 2. Does the document need to be modified so as to have the peer indicate
>    the networks it supports?

I do not claim myself to be a security expert. The fundamental question
that I ask is if it is a fair thing to ask a service provider not to
announce its presence when by the very nature of its business it needs
to announce its presence to the maximum number of current and potential
future customers? Also

1) What is the issue with advertising the presence of a service provider to
all users before authentication has been done?  What new security issue
has been created? Service providers use printed materials, radio/TV
advertisements etc. to announce their presence as well. Are these all
security risks, and do they have security implications? Should they take off
all the billboards, newspaper advertisements etc. as well?  Again I say,
no new security issue is created as this knowledge already exists in
the public domain.

2) Do we not do it today via SSID or PLMN ID etc.? Do not the hotspot
operators try to announce themselves by trying to have a specific SSID for
their customers and broadcasting it (it has its issues but they are
relevant to this discussion)? The hotspot operators can even announce
their roaming partners today by using multiple SSIDs.


BR,

Farooq