Issue 199 - EAPoL-Key message generation at WTP or AC Issue 199, summarized as:...the WTP maintains the KeyRSC while the AC requires this information to.

Slides:



Advertisements
Similar presentations
Doc.: IEEE /0018r0 Submission January 2010 Alexander Tolpin, Intel CorporationSlide 1 4 –Way Handshake Synchronization Issue Date:
Advertisements

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Doc.: IEEE /770r0 Submission July 2009 Slide 1 TGs Authenticated Encryption Function Date: Authors: Russ Housley (Vigil Security), et.
Doc.: IEEE /275 Submission September 2000 David Halasz, Cisco Systems, Inc.Slide 1 IEEE 802.1X for IEEE David Halasz, Stuart Norman, Glen.
Master Thesis Proposal By Nirmala Bulusu Advisor – Dr. Edward Chow Implementation of Protected Extensible Protocol (PEAP) – An IEEE 802.1x wireless LAN.
67th IETF San Diego IETF BMWG WLAN Switch Benchmarking Jerry Perser, Tom Alexander, Muninder Singh Sambi,
CAPWAP Editor’s Report Pat R. Calhoun Cisco Systems, Inc.
Light Weight Access Point Protocol (LWAPP) IETF 57 Pat Calhoun, Airespace.
CAPWAP related draft-shao-opsawg-capwap-hybridmac-00 draft-chen-opsawg-capwap-extension-00 draft-zhang-opsawg-capwap-eap-00.
1 IPFIX Protocol Specifications IPFIX IETF-59 March 3, 2004 Benoit Claise Mark Fullmer Reinaldo Penno Paul Calato Stewart Bryant Ganesh Sadasivan.
CAPWAP Issues: QoS Mahalingam Mani IETF 67 6 Nov 2006, San Diego.
Status of CAPWAP Architecture Draft Lily Yang Intel Corp. March 3, th IETF meeting.
Session Peering Protocol over SOAP I-D ( draft-ietf-drinks-spp-over-soap-01) draft-ietf-drinks-spp-over-soap-01 0 Presenter: Vikas Bhatia (On behalf of.
Yang Shi (Richard), Yong Zhang IETF 74 th 26 March 2009, San Francisco CAPWAP WG MIB Drafts Report.
Light Weight Access Point Protocol (LWAPP) Pat R. Calhoun draft-ohara-capwap-lwapp-01.txt.
March 2007 CAPWAP Protocol Specification Editors' Report March 2007
Status Update of CAPWAP Architecture Taxonomy Lily Yang (Editor) Intel Corp. August 4, th IETF meeting.
CAPWAP Taxonomy Recommendations Pat R. Calhoun, Cisco Systems Bob O’Hara, Cisco Systems Inderpreet Singh, Chantry Networks.
March 2006 CAPWAP Protocol Specification Update March 2006
CAPWAP Threat Analysis 66 th IETF, Montreal 10 July 2006 Scott KellyCharles Clancy.
Doc.: IEEE 11-04/0319r0 Submission March 2004 W. Steven Conner, Intel Corporation Slide 1 Architectural Considerations and Requirements for ESS.
CAPWAP Arch-Draft Issues IETF 59, Seoul 4 March 2004.
Lesson 10: Configuring Network Settings MOAC : Configuring Windows 8.1.
62 nd IETF – CAPWAP Working Group1 CAPWAP Objectives Saravanan Govindan March 2005.
Issue #138 CAPWAP WG Meeting IETF 68, Prague. Issue 138 #138: Support and Negotiation of WTP data encryption in the CAPWAP protocol Proposed solution.
Doc.: IEEE Submission September 16, 2004 Poor & Struik / Ember & CerticomSlide 1 Project: IEEE P Working Group for Wireless Personal.
SRI International 1 Topology Dissemination Based on Reverse-Path Forwarding (TBRPF) Richard Ogier September 21, 2002.
Packet Format Issues #227: Need Shim Header to indicate Crypto Property of packet Do we need to add pre-amble header to indicate if data is encrypted or.
August 27, 2003 Evaluation of WiNc Manager A Wireless Network Management Software from Cirond Technologies Inc. by Kassim Olawale Radio Science Laboratory.
Issues Discussions CAPWAP Interim Jan 24-25, 2007 Mahalingam Mani.
CAPWAP Threat Analysis draft-kelly-capwap-threat-analysis th IETF, San Diego 6 November 2006 Scott KellyCharles Clancy.
July 2007 CAPWAP Protocol Specification Editors' Report July 2007
NEMO Basic Support update IETF 61. Status IANA assignments done Very close to AUTH48 call Some issues raised recently We need to figure out if we want.
Doc.: IEEE /657r0 Submission August 2003 N. Cam-WingetSlide 1 TGi Draft 5.0 Comments Nancy Cam-Winget, Cisco Systems Inc.
Doc.: IEEE /0415r0 Submission April mc CIDs 1136,1118,1458 Date: Authors: Graham Smith, DSP GroupSlide 1.
November 2011 Jin-Meng Ho and David Davenport. doc.: IEEE Slide 1Submission Project: IEEE P Working Group for Wireless Personal.
Protocol Coexistence Issue in MSA Subsequent Authentication
Doc.: IEEE /034r0 Submission January 2002 Matthew B. Shoemake, TGg ChairpersonSlide 1 TGg Report to the IEEE Working Group Matthew B. Shoemake.
Hybrid-MAC Model for CAPWAP draft-ietf-opsawg-capwap-hybridmac-00 Presenting: Hui Deng:
Doc.: IEEE /0103r0 Submission January 2004 Jesse Walker, Intel CorporationSlide 1 Some LB 62 Motions January 14, 2003.
CAPWAP Threat Analysis
Robust Security Network (RSN) Service of IEEE
Some LB 62 Motions January 13, 2003 January 2004
Topic #1 & #5 “All that has to do with header formats”
P802.11aq Waiver request regarding IEEE RAC comments
P802.11aq Waiver request regarding IEEE RAC comments
IKEv2 Mobility and Multihoming Protocol (MOBIKE)
Discussion on CID2199 Date: Authors: Jan 2014 Name Company
September 2010 Project: IEEE P Working Group for Wireless Personal Area Networks (WPANs) Submission Title: [TG6 Proposed MAC comment resolution]
July 2002 QoS Interactions Interaction of AES Message Integrity Check Processing with Quality of Service Paul Lambert, Woodside Networks, Inc.
Issue Discussion: KeyRSC (43)
Proposed Modifications to e-D4.0 Direct Link Protocol
AP Functional Needs of CAPWAP
Proposed Resolutions to RFI comments of LB 166 on IEEE s D7.0
WLAN Architectural Considerations for IETF CAPWAP
doc.: IEEE /454r0 Bob Beach Symbol Technologies
GCMP Restriction Date: Authors: January 2011 May 2010
WLAN Architectural Considerations for IETF CAPWAP
November 2010 doc.: IEEE /0800r9 November 2010
Discussion on CID2199 Date: Authors: Jan 2014 Name Company
Responses to Clause 5 Comments
P802.11aq Waiver request regarding IEEE RAC comments
P802.11aq Waiver request regarding IEEE RAC comments
Comment resolution #79 Date: 2009, November 17 Authors: November 2009
TGi Draft 1 Clause – 8.5 Comments
Revisiting Path Switch
TGu/TGv Joint Meeting Date: Authors: May 2008 Month Year
TGi Draft 1 Clause – 8.5 Comments
Extended Usage of STKSA
Comment Resolution Motions
Presentation transcript:

Issue EAPoL-Key message generation at WTP or AC Issue 199, summarized as:...the WTP maintains the KeyRSC while the AC requires this information to generate the EAPoL frame for Message-3 of the 4-way handshake..... The proposal is to include a CAPWAP Key Configuration message that can transport the EAPoL frame between AC and WTP before being sent to the client (terminal). Issue 199 appears to be a duplicate of Issue 43, which is being resolved via added text to the security considerations section of the binding document. EAPOL-Key messages in the 4-Way Handshake exchange are always generated at the AC. Proposed resolution: Close as a duplicate. Resolution of Issue 43? Jan 25 th: Consensus to close Issue 199 as a duplicate of issue 43

Issue Issue 138 is the following: with the transition to DTLS, I propose that we always require the WTP to provide wireless encryption, and use DTLS between the AC and the WTP. Discussion: (a) The CAPWAP IEEE binding document currently supports encryption to be terminated at either the WTP or the AC. In the current specification, neither is required to be supported at either the WTP or the AC. This presents an interoperability problem, in that a compliant WTP (e.g. supporting only centralized encryption) would not interoperate with a compliant AC (e.g. supporting only WTP encryption). Proposed resolution: Insert the following text at the end of section 2.1 (Split MAC and Local MAC Functionality) To provide system component interoperability, the WTP MUST support encryption/decryption at the WTP and the WTP MUST support encryption/decryption at the AC. The AC MUST support either (a) encryption/decryption at the WTP or (b) encryption/decryption at the AC. The AC MAY support both encryption/decryption at the WTP and encryption/decryption at the AC.

Issue (b) The commenter proposes to disallow the use of centralized encryption, suggesting that mandatory DTLS in the data path can serve as a replacement. This has been discussed on the reflector at length in the past, and at the Dallas meeting. Availability of DTLS in the data path optionally secures the WTP to AC link; it does not provide STA to AC end-to-end protection, and is not a replacement for centralized encryption. Support of centralized encryption has been part of CAPWAP/ from the beginning, and provides unique advantages, including elimination of the Key RSC issue, and support of APs in hostile environments. Proposed resolution: No change to the CAPWAP protocol specification -03 (c) The CAPWAP protocol specification provides for the optional use of DTLS in the Data Plane - No change to the CAPWAP protocol specification -03 Comments (Pat) I still disagree with the proposed resolution for (b), and would like to see it removed from the CAPWAP spec for the following reasons: 1. We already have an optional way to encrypt the frames over the wire, which is based on DTLS. This scheme is completely extensible and will support any wireless technoloy, whereas this proposal only works with i. – encryption from STA to AC has different properties than STA-WTP + WTP-AC 2. This proposal will break some existing (and possibly future) features. For instance, the ability to do A- MSDU aggregation is limited because the WTP is where the actual packet buffering, and aggregation, is performed (since the wireless link is slower than the Ethernet). A-MSDU aggregation requires encryption after the aggregation function has occurred. Any other function that makes use of service periods (e.g., e) also cannot be used as the AC has absolutely no way to identify how to fragment the frames in order to meet with service period. The AC needs to have direct visibility into the air to do this. I do not believe that an implementor reading this specification would understand the restrictions his/her products would have by implementing CAPWAP. Jan 25 th : No consensus to remove centralized encryption

Issue 90 - Using for tunnelling in Split-MAC mode One of the recommendations of the evaluation team was to have a mode to tunnel frames between WTP and AC. It seems that that requirement was interpreted as tunneling frames for local MAC. However after talking to various folks at IETF 65 (dallas), it seems the intent was to tunnel frames in the split MAC (and not local MAC). Hence I would propose the following: –(a) Delete the tunneling of frames between AC WTP for Local MAC and replace it with (b). –(b) Add tunneling frames between AC WTP for Split MAC. Following the notation in section , a new variant of Split MAC should be defined (based on recommendation of the eval team) as follows. –I have marked the changes wrt the draft-00's section with * (note: section remains unchanged - this proposal is an addition to and not a replacement for section ): Function Location Distribution Service AC Integration Service *WTP* Beacon Generation WTP Probe Response WTP Power Mgmt/Packet Buffering WTP Fragmentation/Defragmentation WTP Assoc/Disassoc/Reassoc AC e Classifying AC Scheduling *WTP* (I don't understand why section shows.11e scheduling at AC) Queuing WTP i 802.1X/EAP AC Key Management AC Encryption/Decryption *WTP* –Jan 25 th : Consensus to resolve issue 90 by fixing Local Mac mode: change in -01, adding “/AC” in Figure 4 in the Distribution Service and Assoc/Disassoc/Reassoc lines

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.