doc.: IEEE /0877r0 Submission June WG Slide 1 TGs response to CN NB comments Date: Authors:
Abstract
IEEE Task Group ‘s’ (Mesh Networking) received comments from the China NB on its draft. Their resolutions are discussed here.
China NB Comments on IEEE s and Their Resolutions
There are numerous editorial mistakes in the draft. (Specific examples were given).
The specific mistakes were corrected and a complete pass was made on the draft fixing several more editorial errors.
A professional editor from IEEE SA will be assigned to edit the draft after Sponsor Balloting closes to resolve any remaining editorial issues.
China NB Comments on IEEE s and Their Resolutions
What are the mechanisms against man-in-the-middle attack in a Mesh Network?
The mandatory-to-implement security protocol (SAE) performs mutual authentication and is resistant to passive attack, active attack, and dictionary attack.
A man-in-the-middle would be unable to impersonate another mesh point nor could it glean any secret information by observing exchanges between legitimate mesh points.
A man-in-the-middle would be unable to launch an attack.
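The commit/confirm structure behind the resolution above, as an added sketch (not text from the presentation or the draft): both sides derive a group element from the shared password, exchange a scalar and an element, and accept only if the peer's confirm tag matches, so a party in the middle that lacks the password fails the confirm step. Assumptions: the group (p = 2039, q = 1019) is a toy, the password-to-element hashing and key derivation are simplified, and the names `Peer` and `run_exchange` are hypothetical; the range, group-membership and reflection checks a real implementation applies to received commits are omitted.

```python
import hashlib, hmac, secrets

# Toy safe-prime group (P = 2Q + 1), chosen only to keep the numbers readable.
# It is NOT an 802.11 domain parameter set and is far too small for real use.
P, Q = 2039, 1019

def password_element(password, id_a, id_b):
    """Hash the password and both identities into the order-Q subgroup."""
    lo, hi = sorted([id_a, id_b])          # same element whoever starts
    counter = 0
    while True:
        counter += 1
        seed = hashlib.sha256(f"{hi}|{lo}|{password}|{counter}".encode()).digest()
        pe = pow(int.from_bytes(seed, "big") % P, 2, P)  # squaring lands in the subgroup
        if pe > 1:
            return pe

class Peer:
    def __init__(self, name, peer_name, password):
        self.pe = password_element(password, name, peer_name)
        self.rand = secrets.randbelow(Q - 2) + 2          # private, never sent
        mask = secrets.randbelow(Q - 2) + 2               # blinds rand in the scalar
        self.scalar = (self.rand + mask) % Q
        self.element = pow(pow(self.pe, mask, P), -1, P)  # PE^(-mask)

    def commit(self):
        return self.scalar, self.element

    def process_commit(self, peer_scalar, peer_element):
        # (PE^peer_scalar * peer_element)^rand == PE^(rand * peer_rand)
        ss = pow(pow(self.pe, peer_scalar, P) * peer_element % P, self.rand, P)
        self.key = hashlib.sha256(f"{ss}|{(self.scalar + peer_scalar) % Q}".encode()).digest()
        self.peer_commit = (peer_scalar, peer_element)

    def _tag(self, first, second):
        return hmac.new(self.key, repr((first, second)).encode(), "sha256").digest()

    def confirm(self):
        return self._tag(self.commit(), self.peer_commit)

    def verify(self, peer_confirm):
        return hmac.compare_digest(peer_confirm, self._tag(self.peer_commit, self.commit()))

def run_exchange(password_a, password_b):
    """Run commit then confirm; return (A accepts B, B accepts A)."""
    a, b = Peer("STA-A", "STA-B", password_a), Peer("STA-B", "STA-A", password_b)
    a.process_commit(*b.commit())
    b.process_commit(*a.commit())
    return a.verify(b.confirm()), b.verify(a.confirm())
```

With the same password both sides accept; with a wrong guess the confirm tags differ, apart from rare chance collisions that come from the toy group size.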
China NB Comments on IEEE s and Their Resolutions
Because the authentication credential is a shared secret (word, key, code, or phrase) it may be necessary to add support for authentication using a certificate.
A proposal was made to introduce an protocol that authenticated a Diffie-Hellman exchange with digital certificates. The proposal failed to garner enough support for inclusion in the draft.
The effort can be taken up again, and any and all help is solicited to encourage its adoption.
China NB Comments on IEEE s and Their Resolutions
Is the Root Mesh STA the same as a Mesh Portal (now named a Mesh Gate)?
Conceptually, a Root Mesh STA is the entity used as a root for proactive tree building (routing); a Mesh Gate is the entity that has access to the DS as well as the MBSS.
In practice they may be the same, but they need not be.
China NB Comments on IEEE s and Their Resolutions
Is a Mesh STA a Mesh Portal (now called a Mesh Gate) or a terminal point?
A Mesh STA is a STA that supports mesh functionality as defined in IEEE s. That functionality can include the requirements to be a Mesh Gate but it is not required to include it.
Not all Mesh STAs are Mesh Gates but all Mesh Gates are Mesh STAs.
Summary
Task Group ‘s’ (Mesh Networking) thanks the China NB for its comments on, and review of, the TGs draft.
All comments were resolved in Palm Springs, CA, in May. The Task Group feels no further disposition is necessary.
Assistance in adding a certificate-based authentication protocol is requested.
The authentication protocol added by Task Group ‘s’ (SAE) can be used as a blueprint: authentication prior to association followed by the 4-way handshake, negotiation of the domain parameter set to use with Diffie-Hellman, use of a new RSN AKM and ciphersuite, etc.
The exchange can be modeled on existing, provably secure exchanges.
The old proposal can be polished and resubmitted.
Additional support of the proposal can help it be adopted into the IEEE standard.