Re: PANA and EAP keying framework
From: Rafa Marin Lopez (rafa
Date: Tue, 10 Jan 2006 15:28:05 -0800 (PST)
Hello Jesse
Only a short question for clarification. As Yoshi has commented in section 5.4.2.2 in 802.11i we can find:
"IEEE 802.1X Supplicants and Authenticators exchange protocol information via the IEEE 802.1X Uncontrolled Port. It is expected that most other protocol exchanges will make use of the IEEE 802.1X Controlled Ports. However, a given protocol may need to bypass the authorization function and make use of the IEEE 802.1X Uncontrolled Port."
Then when we read
"However, a given protocol may need to bypass the authorization function and make use of the IEEE 802.1X Uncontrolled Port."
we should understand "a given protocol" as only 802.1X frames, right?
Regards.
Walker, Jesse wrote:
There are numerous places, but you can start with clause 5.9.2.1, which gives an expository overview of the process.
-----Original Message-----
From: Yoshihiro Ohba [mailto:yohba [at] tari.toshiba.com]
Sent: Tuesday, January 10, 2006 12:47 PM
To: Walker, Jesse
Cc: Yoshihiro Ohba; Bernard Aboba; eap [at] frascone.com
Subject: Re: [eap] PANA and EAP keying framework
Jesse,
On Tue, Jan 10, 2006 at 12:30:58PM -0800, Walker, Jesse wrote:
Yoshihiro
I don't think 802.11i prohibits any IP traffic to pass through uncontrolled port before 4-way handshake. In fact, there is a description in section 5.4.2.2 of IEEE 802.11i 2004 specification:
[Walker, Jesse] This is not true. 802.1X frames are the only type of data 802.11i allows to pass over the link prior to key confirmation. IP traffic is not encapsulated with the 802.1X Ethertype, so is expressly blocked.
Can you point out which text in the 802.11i specification states this specific behavior? How can we interpret the quoted text in section 5.4.2.2?
In any case, another way is to use multiple (virtual) APs, one operating in 'open' authentication running PANA and the other operating in 802.11i, and switching from the former AP to the latter after PANA authentication.
Regards,
Yoshihiro Ohba
--
Rafael Marin Lopez
Faculty of Computer Science-University of Murcia
30071 Murcia - Spain
Telf: +34968367645
e-mail: rafa [at] dif.um.es
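
The port filtering discussed in this thread, as an added example that is not part of the original messages: frames carrying the 802.1X EtherType go to the uncontrolled port, and everything else is blocked until the controlled port is authorized. The `Port` class, its `bypass` set and the sample payloads are assumptions of this example; `bypass` defaults to EAPOL only, which is the reading Walker gives, and could hold other EtherTypes under the broader reading of "a given protocol".

```python
import struct

EAPOL = 0x888E                        # IEEE 802.1X (EAPOL) EtherType
IPV4 = 0x0800
SNAP = bytes.fromhex("aaaa03000000")  # LLC/SNAP header carried in 802.11 data frames

def ethertype(msdu):
    """EtherType of an LLC/SNAP-encapsulated payload, or None if absent or truncated."""
    if len(msdu) < len(SNAP) + 2 or not msdu.startswith(SNAP):
        return None
    return struct.unpack("!H", msdu[6:8])[0]

class Port:
    """Hypothetical model of one 802.1X port pair (names are this example's own)."""
    def __init__(self, bypass=frozenset({EAPOL})):
        self.bypass = bypass      # EtherTypes admitted on the uncontrolled port
        self.authorized = False   # controlled port state, set after key confirmation

    def route(self, msdu):
        et = ethertype(msdu)
        if et is not None and et in self.bypass:
            return "uncontrolled"  # bypasses the authorization function
        # Anything else, including malformed payloads, waits for authorization.
        return "controlled" if self.authorized else "blocked"

def demo():
    # Constructed sample payloads, not captured traffic.
    eapol_start = SNAP + struct.pack("!H", EAPOL) + bytes([0x01, 0x01, 0x00, 0x00])
    ip_packet = SNAP + struct.pack("!H", IPV4) + bytes(20)
    truncated = SNAP[:4]
    frames = (eapol_start, ip_packet, truncated)
    port = Port()
    before = [port.route(f) for f in frames]
    port.authorized = True         # 4-way handshake completed
    after = [port.route(f) for f in frames]
    return before, after

if __name__ == "__main__":
    print(demo())
```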