Issue 373: Organization of Section 4
From: Bernard Aboba (bernard_abobahotmail.com)
Date: Wed, 2 Aug 2006 14:46:43 -0700 (PDT)
Issue 373: Organization of Section 4
Submitter name: Bernard Aboba
Submitter email address: aboba [at] internaut.com
Date Submitted: July 31, 2006
Reference:
Document: KEYING-14
Comment type: 'T'echnical
Priority: S
Section: 4
Rationale/Explanation of issue:
Section 4 states the following:
" With EAP, several mechanisms are available to reduce the latency in
  handoff between authenticators:

[a]  EAP pre-authentication.  This utilizes EAP to pre-establish EAP
    keying material on an authenticator prior to arrival of the peer.
    Use of pre-authentication within IEEE 802.11 is described in
    [8021XHandoff] and [IEEE-802.11i].

[b]  Key caching.  This mechanism enables an EAP peer to re-attach to an
    authenticator without requiring EAP re-authentication.

[c]  Context transfer, such as is defined in [IEEE-802.11F] (now
    deprecated) and [RFC4067].  Use of context transfer for handoff
    latency improvement is described in [IEEE-02-758].

[d]  Proactive key distribution, such as is described in
    [IEEE-02-758][IEEE-03-084] and [I-D.irtf-aaaarch-handoff].

  The sections that follow discuss the security vulnerabilities
  introduced by the above mechanisms."
However, while Section 4.1 does talk about Pre-authentication,
it is not made explicit how Sections 4.2 and 4.3 relate to the
security of Key Caching, Context Transfer or Proactive Key
Distribution.

For example, issues of authorization and correctness do not
apply to mechanisms which utilize AAA to distribute authorizations.
Therefore Sections 4.2 and 4.3 do not seem to relate to the
Pre-authentication or Proactive Key Distribution mechanisms,
only to Key Caching and Context Transfer.

