eap Mailing List: RE: PANA and EAP keying framework

[Walker, Jesse (jesse.walker]

There are numerous places, but you can start with clause 5.9.2.1, which
gives an expository overview of the process.

> -----Original Message-----
> From: Yoshihiro Ohba [mailto:yohba [at] tari.toshiba.com]
> Sent: Tuesday, January 10, 2006 12:47 PM
> To: Walker, Jesse
> Cc: Yoshihiro Ohba; Bernard Aboba; eap [at] frascone.com
> Subject: Re: [eap] PANA and EAP keying framework
> 
> Jesse,
> 
> On Tue, Jan 10, 2006 at 12:30:58PM -0800, Walker, Jesse wrote:
> > Yoshihiro
> >
> > > I don't think 802.11i prohibits any IP traffic to pass throuth
> > > uncontrolled port before 4-way handshake.  In fact, there is a
> > > description in section 5.4.2.2 of IEEE 802.11i 2004 specification:
> > [Walker, Jesse] This is not true. 802.1X frames are the only type of
> > data 802.11i allows to pass over the link prior to key confirmation.
IP
> > traffic is not encapsulated with the 802.1X Ethertype, so is
expressly
> > blocked.
> 
> Can you point out which text in the 802.11i specification states this
> specific behavior?  How can we interpret the quoted text in section
> 5.4.2.2?
> 
> In any case, another way is to use multiple (virtual) APs, one
> operating in 'open' authentication running PANA and the other
> operating in 802.11i, and switching from the former AP to the latter
> after PANA authentication.
> 
> Regards,
> Yoshihiro Ohba