Re: PANA and EAP keying framework
From: Yoshihiro Ohba (yohba [at] tari.toshiba.com)
Date: Tue, 10 Jan 2006 13:28:04 -0800 (PST)
On Tue, Jan 10, 2006 at 12:59:33PM -0800, Walker, Jesse wrote:
> There are numerous places, but you can start with clause 5.9.2.1, which
> gives an expository overview of the process.

This partially answers my questions, but I think the 802.11i
specification is vague about the behavior you mentioned.

For example, in the following text in clause 5.9.2.1:

"Upon successful completion of the 4-Way Handshake, the Authenticator
and Supplicant have authenticated each other; and the IEEE 802.1X
Controlled Ports are unblocked to permit general data traffic."

- What is the definition of "general data traffic"?

- The above text does not say anything about whether any data frame
other than 802.1X messages is not allowed to pass through the
uncontrolled port.

Yoshihiro Ohba

> 
> > -----Original Message-----
> > From: Yoshihiro Ohba [mailto:yohba [at] tari.toshiba.com]
> > Sent: Tuesday, January 10, 2006 12:47 PM
> > To: Walker, Jesse
> > Cc: Yoshihiro Ohba; Bernard Aboba; eap [at] frascone.com
> > Subject: Re: [eap] PANA and EAP keying framework
> > 
> > Jesse,
> > 
> > On Tue, Jan 10, 2006 at 12:30:58PM -0800, Walker, Jesse wrote:
> > > Yoshihiro
> > >
> > > > I don't think 802.11i prohibits any IP traffic to pass through the
> > > > uncontrolled port before the 4-way handshake.  In fact, there is a
> > > > description in section 5.4.2.2 of the IEEE 802.11i 2004 specification:
> > > [Walker, Jesse] This is not true. 802.1X frames are the only type of
> > > data 802.11i allows to pass over the link prior to key confirmation. IP
> > > traffic is not encapsulated with the 802.1X Ethertype, so is expressly
> > > blocked.
> > 
> > Can you point out which text in the 802.11i specification states this
> > specific behavior?  How can we interpret the quoted text in section
> > 5.4.2.2?
> > 
> > In any case, another way is to use multiple (virtual) APs, one
> > operating in 'open' authentication running PANA and the other
> > operating in 802.11i, and switching from the former AP to the latter
> > after PANA authentication.
> > 
> > Regards,
> > Yoshihiro Ohba
> 
> 
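As an added illustration (not part of the thread), the model below encodes the port behaviour Walker describes: only EAPOL frames (EtherType 0x888E) pass over the uncontrolled port, and everything else is dropped until the 4-Way Handshake has completed and the controlled port is unblocked. The frame layout, class names and the constructed sample frames are assumptions for the example, not anything from 802.11i or the thread.

```python
import struct

ETHERTYPE_EAPOL = 0x888E  # IEEE 802.1X EAPOL frames
ETHERTYPE_IPV4 = 0x0800


class Authenticator8021X:
    """Minimal model of the 802.1X controlled/uncontrolled port pair (example only)."""

    def __init__(self):
        # Controlled port stays blocked until key confirmation (4-Way Handshake).
        self.controlled_port_open = False

    def complete_4way_handshake(self):
        self.controlled_port_open = True

    def filter_frame(self, frame: bytes) -> str:
        """Return the port a frame is passed over, or a drop reason."""
        if len(frame) < 14:  # 6-byte dst + 6-byte src + 2-byte EtherType
            return "drop:short"
        ethertype = struct.unpack("!H", frame[12:14])[0]
        if ethertype == ETHERTYPE_EAPOL:
            return "uncontrolled"  # EAPOL passes before and after key confirmation
        if self.controlled_port_open:
            return "controlled"  # "general data traffic" after the handshake
        return "drop:port-blocked"  # e.g. IP before the handshake


def build_frame(ethertype: int, payload: bytes = b"") -> bytes:
    # Constructed sample frame: dummy MACs + EtherType + payload.
    return b"\x01" * 6 + b"\x02" * 6 + struct.pack("!H", ethertype) + payload


def demo():
    auth = Authenticator8021X()
    eapol = build_frame(ETHERTYPE_EAPOL, b"\x02\x00\x00\x05")  # constructed EAPOL header
    ip = build_frame(ETHERTYPE_IPV4, b"\x45" + b"\x00" * 19)  # constructed IPv4 header
    before = (auth.filter_frame(eapol), auth.filter_frame(ip))
    auth.complete_4way_handshake()
    after = (auth.filter_frame(eapol), auth.filter_frame(ip))
    return before, after


if __name__ == "__main__":
    print(demo())
```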
