eap Mailing List

View Index by: Date - Thread - Author
AW: [eap] EAP Proxy question in context of 802.16e
From: Tschofenig Hannes (hannes.tschofenigsiemens.com)
Date: Mon, 21 Mar 2005 12:49:56 -0500 (EST) 
hi sanjay, 

the most important question is: where do you want to have which session
keys?

ciao
hannes

-----Ursprüngliche Nachricht-----
Von: Bakshi, Sanjay [mailto:sanjay.bakshi [at] intel.com] 
Gesendet: Sonntag, 20. März 2005 15:28
An: eap [at] frascone.com
Betreff: [eap] EAP Proxy question in context of 802.16e


Hello,
I have a question in context of application of EAP to 802.16e network.
 
Following figure shows the typical application of EAP to an 802.16e based
network
 
EAP-method                                     EAP-method
EAP                EAP   EAP                   EAP
PKMv2              PKMv2 RADIUS                RADIUS
----------         -------------               ----------
MSS/EAP_peer     BS/EAP_Authenticator              AS               
 
802.16e defines PKMv2 as the encapsulation protocol for carrying EAP
messages between MSS (802.16e Mobile Subscriber Station) and BS(802.16e Base
Station). BS acts as the RADIUS client and forwards the EAP messages to the
AS and vice-versa.
 
In order to better handle mobility, following is an alternative way of
applying EAP model that is being considered: -
 
EAP-method                                                     EAP-method
EAP             EAP   EAP        EAP EAP                       EAP
PKMv2           PKMv2 ???        ??? RADIUS                    RADIUS
------------    ------------     -------------------------     -----------
MSS/EAP_peer    BS/EAP_Proxy     Gateway/EAP_Authenticator     AS

 
Basically, in the context of EAP in this model BS acts as a relay and
implements two functions.
 1. On uplink BS removes EAP pdus from the PKMv2 encapsulation, encapsulates
them in a "to be defined"
    encapsulation and forwards them to the Gateway which is a RADIUS client.
      
 2. On downlink BS removes EAP pdus from a "to be defined" encapsulation,
encapsulates them in PKMv2 and 
    forwards them to the MSS
 
BS does not implement any Authenticator functions. Assuming that appropriate
encapsulation protocol is defined
between BS and Gateway, does this model break any assumptions of EAP's
3-party model? Is it legal from EAP perspective?
 
Thanks,
-- Sanjay
  • (no other messages in thread)

Results generated by Tiger Technologies using MHonArc.