Doc.: IEEE 802.11-04/0103r0, Submission, January 2004
Jesse Walker, Intel Corporation

Slide 1: Some LB 62 Motions, January 14, 2003

Presentation transcript:


Slide 2: Motion 1

Motion: IEEE Task Group I adopts 802_11i-D7.1.doc as the basis for further work.

Note: Adoption of this motion would accept the following editorial changes: 4-22, 25, 27, 29-52, 54-57, 59-74, , , , 163, , , 184, 188, 192, 195, 197, , 210, 214, 215, 225, 226, 238, 241, 257, 300, 316, 330, 333, , 348, 390, 394, 395, 408, 409, , 422, 423, , , , 479, , 491, 492, 494, 497, 501, 503, 504, 508, 514, , , 541, 542, , 556, , 576, 578, 579, 585, 588, 590, 593, 594, 609, 610, 614, , , , 645, 647, 648, 650, 652, 654, 656, , 672, , 688, 689, 691, , 702, 703, 705, 707, 712.

Slide 3: Motion 2: Comment 301

Comment 301 observes that 802.1X does not provide key management services used by 802.11i.

Motion: Address Comment 301 on by adopting the text:

In an RSNA, IEEE 802.11 provides functions to protect Data frames, IEEE 802.1X provides authentication and frame filtering, and IEEE 802.11 and IEEE 802.1X collaborate to provide key management.

Slide 4: Motion 3: Comment 295

Comment 295 asks that we bring 802.11i's usage of 802.1X into line with 802.1X.

Motion: Address Comment 295 on by text it suggests:

The first component is an IEEE 802.1X Port Access Entity (PAE). PAEs are present on all STAs in an RSNA and control the forwarding of data to and from the MAC. The PAE in an AP adopts the Authenticator role, while the PAEs in other STAs in the BSS adopt the Supplicant role. In an IBSS, the PAE in each STA adopts both roles simultaneously.

Slide 5: Motion 4: Comments 287, 288

Motion: Address Comments 287, 288 by replacing the text from

Once the IEEE 802.1X AKM completes successfully, the IEEE 802.1X Controlled Port unblocks to allow data traffic

with the text:

Once the AKM completes successfully, data protection is enabled to prevent unauthorized access, and the IEEE 802.1X Controlled Port unblocks to allow protected Data traffic.

Slide 6: Motion 5: Comment 298

Motion: Address Comment 298 by replacing the text from with

No facilities are provided to move an RSNA during Reassociation, so the old RSNA will be deleted, and a new RSNA will need to be constructed.

Slide 7: Motion 6: Comment 299

Comment 299 observes 1st paragraph we are adding to does not make sense.

Motion: Address Comment 299 by replacing 1st paragraph we are adding with:

In a WLAN that does not support the establishment of RSNAs, Authentication and Confidentiality services were defined with the intention of providing similar security characteristics to those achieved by restricting physical access to a wired LAN. A wired LAN provides a level of Authentication as only users with physical access to the LAN can connect, and a level of Confidentiality as only users with physical access can monitor data flows.

Slide 8: Motion 7: Comments on

Motion: Address Comments , 302, and 551 by replacing the body of with the text

IEEE 802.11 attempts to control LAN access via the authentication service. IEEE 802.11 authentication is an SS. This service may be used by all STAs to establish their identity to STAs with which they communicate, in both ESS and IBSS networks. If a mutually acceptable level of authentication has not been established between two STAs, an association shall not be established.

IEEE 802.11 authentication operates at the link level between IEEE 802.11 STAs. IEEE 802.11 does not provide either end-to-end (message origin to message destination) or user-to-user authentication.

IEEE 802.11 defines two authentication methods, Open System Authentication and Shared Key Authentication. Open System Authentication admits any STA to the LAN. Shared Key Authentication relies on WEP to demonstrate knowledge of a WEP encryption key. The IEEE 802.11 authentication mechanism also allows definition of new authentication methods.

An RSNA also supports authentication based on IEEE 802.1X, or Pre-Shared Keys (PSKs). IEEE 802.1X authentication utilizes the Extensible Authentication Protocol (EAP, RFC 2284) to authenticate STAs and the AS with one another. This standard does not specify a mandatory-to-implement EAP method. Clause describes the IEEE 802.1X Authentication and PSK within IEEE 802.11 IBSS.

In an RSNA, IEEE 802.1X Supplicants and Authenticators exchange protocol information via the IEEE 802.1X Uncontrolled Port. The IEEE 802.1X Controlled Port is blocked from passing general data traffic between the STA and the AP until an IEEE 802.1X authentication procedure completes successfully over the IEEE 802.1X Uncontrolled Port.

The Open System Authentication algorithm is used in both BSS and IBSS RSNA, though Open System Authentication is optional in an RSNA IBSS. RSNA disallows the use of Shared Key Authentication.

Management information base (MIB) functions are provided to support the standardized authentication schemes. A STA may be authenticated with many other STAs at any given instant.
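The port behaviour described in Motions 4, 5 and 7, modelled as an added example (not part of the presentation or of any IEEE text). The class, field and function names are assumptions, and dropping unprotected Data frames once the Controlled Port is open is this model's reading of "protected Data traffic".

```python
from dataclasses import dataclass

ETHERTYPE_EAPOL = 0x888E   # IEEE 802.1X (EAPOL) frames
AUTH_OPEN_SYSTEM = 0       # IEEE 802.11 authentication algorithm numbers
AUTH_SHARED_KEY = 1


@dataclass
class RsnaPort:
    """Per-peer state held by a PAE (hypothetical names)."""
    akm_complete: bool = False        # 802.1X or PSK AKM finished successfully
    protection_enabled: bool = False  # data protection keys are in use

    @property
    def controlled_port_open(self) -> bool:
        # Motion 4: protection is enabled, then the Controlled Port unblocks.
        return self.akm_complete and self.protection_enabled

    def admit(self, ethertype: int, protected: bool) -> str:
        """Return the port that carries the frame, or 'drop'."""
        if ethertype == ETHERTYPE_EAPOL:
            return "uncontrolled"     # the 802.1X exchange always passes
        if self.controlled_port_open and protected:
            return "controlled"       # protected Data traffic only
        return "drop"

    def reassociate(self) -> None:
        # Motion 5: the old RSNA is deleted and a new one must be constructed.
        self.akm_complete = False
        self.protection_enabled = False


def accept_auth_algorithm(algorithm: int, rsna: bool) -> bool:
    """Motion 7: an RSNA uses Open System and disallows Shared Key (WEP)."""
    if rsna:
        return algorithm == AUTH_OPEN_SYSTEM
    return algorithm in (AUTH_OPEN_SYSTEM, AUTH_SHARED_KEY)


def demo() -> list:
    """Walk one peer through authentication, data transfer and reassociation."""
    port = RsnaPort()
    trace = [port.admit(ETHERTYPE_EAPOL, False), port.admit(0x0800, False)]
    port.akm_complete = port.protection_enabled = True
    trace += [port.admit(0x0800, True), port.admit(0x0800, False)]
    port.reassociate()
    trace.append(port.admit(0x0800, True))
    return trace
```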