| RE: PANA and EAP keying framework | <– Date –> <– Thread –> |
From: Walker, Jesse (jesse.walker intel.com)
|
|
| Date: Tue, 10 Jan 2006 13:42:44 -0800 (PST) | |
Yoshihiro, > On Tue, Jan 10, 2006 at 12:59:33PM -0800, Walker, Jesse wrote: > > There are numerous places, but you can start with clause 5.9.2.1, which > > gives an expository overview of the process. > > This partially answers to my questions, but I think the 802.11i > specification is vague about the behavior you mentioned. > > For example, in the following text in clause 5.9.2.1: > > " > Upon successful completion of the 4-Way Handshake, the Authenticator > and Supplicant have authenticated each other; and the IEEE 802.1X > Controlled Ports are unblocked to permit general data traffic. > " > > - What is the definition of "general data traffic"? [Walker, Jesse] General data traffic are MSDUs received through the UNITDATA.request interface that have an Ethertype different from 802.1X. > > - The above text does not say anything about whether any data frame > other than 802.1X messages is not allowed to pass through uncontrolled > port. [Walker, Jesse] You can find the answer reading 802.1X Clause 8. The answer is no. All data traffic passes through the control port. The uncontrolled port passes only frames of Ethertype 802.1X. > > Yoshihiro Ohba > > > > > > -----Original Message----- > > > From: Yoshihiro Ohba [mailto:yohba [at] tari.toshiba.com] > > > Sent: Tuesday, January 10, 2006 12:47 PM > > > To: Walker, Jesse > > > Cc: Yoshihiro Ohba; Bernard Aboba; eap [at] frascone.com > > > Subject: Re: [eap] PANA and EAP keying framework > > > > > > Jesse, > > > > > > On Tue, Jan 10, 2006 at 12:30:58PM -0800, Walker, Jesse wrote: > > > > Yoshihiro > > > > > > > > > I don't think 802.11i prohibits any IP traffic to pass throuth > > > > > uncontrolled port before 4-way handshake. In fact, there is a > > > > > description in section 5.4.2.2 of IEEE 802.11i 2004 specification: > > > > [Walker, Jesse] This is not true. 802.1X frames are the only type of > > > > data 802.11i allows to pass over the link prior to key confirmation. > > IP > > > > traffic is not encapsulated with the 802.1X Ethertype, so is > > expressly > > > > blocked. > > > > > > Can you point out which text in the 802.11i specification states this > > > specific behavior? How can we interpret the quoted text in section > > > 5.4.2.2? > > > > > > In any case, another way is to use multiple (virtual) APs, one > > > operating in 'open' authentication running PANA and the other > > > operating in 802.11i, and switching from the former AP to the latter > > > after PANA authentication. > > > > > > Regards, > > > Yoshihiro Ohba > > > >
- RE: PANA and EAP keying framework, (continued)
-
RE: PANA and EAP keying framework Bernard Aboba, January 10 2006
- Re: PANA and EAP keying framework Yoshihiro Ohba, January 10 2006
- Re: PANA and EAP keying framework Yoshihiro Ohba, January 10 2006
- Re: PANA and EAP keying framework Rafa Marin Lopez, January 10 2006
- RE: PANA and EAP keying framework Walker, Jesse, January 10 2006
- Re: PANA and EAP keying framework Yoshihiro Ohba, January 10 2006
-
RE: PANA and EAP keying framework Bernard Aboba, January 10 2006
Results generated by Tiger Technologies using MHonArc.