Re: Issue 286: Security
From: Jari Arkko (jari.arkko
Date: Tue, 15 Feb 2005 11:41:35 -0500 (EST)
Here's an attempt to write some text that would address this issue. I agree that the draft should define its area of applicability better, and should talk about the security considerations of revealing network identities.
Text: Add the following new text to the end of the abstract:
The mechanism defined in this document is primarily intended for advertising connectivity to a limited number of entities that find such advertisements of their presence useful.
Add the following new text before the last paragraph in Section 1.
This mechanism is not generally applicable to all access networks or all home or mediating networks. Basic roaming and AAA routing mechanisms are normally sufficient, and the identification hints are typically useful only when there's too much ambiguity, or when the scale of the roaming associations precludes full automatic connectivity from all access networks to all home networks. In such situations, a limited number of identity hints can be provided. Even in this case, it is required that the networks that are listed in these hints consent to such advertisements.
And add this to the Security Considerations section:
Any information revealed either from the network or client sides before authentication has occurred can be seen as a security risk. For instance, revealing the existence of a network that uses a poor authentication method can make it easier for attackers to discover that such a network can be accessed. As a result, the consent of the network being described in the hints is required before such hints can be sent.
Comments? Would this work for people?
--Jari