|
CID
|
Comment
|
Proposed Change
|
Resolution
|
mgr comment/objection
|
|
6121
|
The wording and description of FILS STA behavior for PMKSA caching and use is not very clear and is confusing.
|
Replace the paragraph with the following text: "A FILS STA performing FILS authentication can supply a list of PMK identifiers in its initial Authentication frame. Each PMK identifier names a PMKSA;
the PMKSA contains a single PMK. If the AP has retained an identified PMKSA it can facilitate a faster connection by providing a single identified PMKSA in the transmitted Authentication frame. The STA and AP then can use the PMK from the cached PMKSA in
FILS handshaking to authenticate. FILS authenticators that support PMK caching may identify themselves to STAs using a Cache Identifier. A FILS STA that has successfully established a PMKSA at an AP identifying a particular Cache Identifier, can attempt to
use PMK caching in a subsequent attempt with any AP that uses the same Cache Identifier."
|
Revised: generally agree with the comment. Suggested wording has been modified.
Replace the paragraph with the following text: "A FILS STA performing FILS authentication can supply a list of PMK identifiers in its initial Authentication frame. Each PMK identifier names a PMKSA; the PMKSA contains a single PMK. If the AP has retained
an identified PMKSA it can facilitate a faster connection by identifying a single PMKSA in the transmitted Authentication frame. The STA and AP then can use the PMK from the cached PMKSA to authenticate. FILS authenticators that support PMK caching may identify
themselves to STAs using a Cache Identifier. A FILS STA that has successfully established a PMKSA at an AP identifying a particular Cache Identifier, can attempt to use PMK caching in a subsequent attempt with any AP that uses the same Cache Identifier."
|
Spurious comma in last sentence of resolution.
What is "the transmitted Authentication frame"? Suggest "the second Authentication frame" or "the Authentication frame it transmits"
I think "can then" is more idiomatic than "then can"
What are "FILS authenticators"? Suggest "FILS STAs"
What does "to STAs" mean? What else could they identify themselves to? And what does the "may" mean here? Suggest just "FILS STAs that support PMK caching identify themselves using a Cache Identifier"
|
|
6190
|
The use of the word "This" is unclear as this usually refers to a specific instance. Is "This" the IEEE 802.1X security exchange, the SAE exchange, or the FILS exchange? Does the sentence intend
to say that all PMSKAs are bidirectional and are used by both parties? If so then the sentence should be corrected so that this is clear, if not than what the this refers to should be made clear.
|
Replace "This security
association is bidirectional." with "All security associations are bidirectional"
|
Revised: Agree with the comment that the text should be clarified. Suggested wording has been modified to better fit the context.
Replace "This security
association is bidirectional." with " A PMKSA is a bidirectional association." Note to editor: there needs to an space in front the sentence; currently there is no space in front of the word "This".
|
OK, but note this is baseline text (i.e. it's not just adding FILS stuff)
|
|
6192
|
The way that FILS has been added to this sentence has broken the specification. As it now reads the PMSKA is created by the information obtained from the Authenticator's SME for all cases. This
is not true. The PMKSA is created from the AS information only when IEEE 802.1X authentication is used. Other wise (for SAE or FILS or case when the PSK is configured) the PMSKA is created by Authenticator's SME at the competition the exchange or configuration
of the PSK.
|
Change the sentence to read as follows: "The PMKSA is created by the Authenticator's SME when the PMK is created from the keying information transferred from the AS in an IEEE 802.1X authentication
exchange, or when the PMK is provided by the successful completion of a SAE exchange, or the successful completion of a FILS authentication exchange, or when the PSK is configured."
|
Revised: generally agree with the comment. Suggested wording has been modified.
Change the sentence to read as follows: "The PMKSA is created by the Authenticator's SME when the PMK is created from the keying information transferred from the AS in an IEEE 802.1X authentication exchange, or when the PMK is created by the successful completion
of a SAE exchange, or the successful completion of a FILS authentication exchange, or when the PSK is configured."
|
Note this is baseline text being changed
The grammar is broken: "PMKSA is created when the PMK is created from X, or when the PMK is created by completion of Y, or the completion of Z, or when the PSK is configured."
|
|
6247
|
I don't understand why Channel Fragment 1 is important in FILS Discovery frame. What is important is the primary channel number. With that, the TA can do association, receive Beacon etc. If you want,
one bit indication of 80+80 BSS is enough.
|
Remove Channel Fragment 1 from the frame.
|
Rejected: The CCFS-1 is an optional element and is only included if the AP deems such information necessary for BSS selections as well for immediate operation in the 80+80 BSS.
|
To be responsive, the resolution needs to address the comment, i.e. explain why CCFS-1 is important. "if the AP deems such information important" just restates the question, it doesn't answer it
|
|
6587
|
"NOTE: FILS is only supported in non-DMG infrastructure BSS. FILS is not supported in IBSS, PBSS, or MBSS." I can't see the relevance of this note here (and it is not formatted correctly anyway)
|
Delete the para
|
Rejected: this note is added here as a part of an approved resolution for CID 4006. CID 4006 required clarification whether DMG STAs are supported in FILS since it is not clear from the table in question.
This note is added to clarify that FILS is not supported by DMG STAs.
|
1) The resolution for CID 4006 was therefore wrong (the commenter didn't ask for a sentence in that subclause, merely asked for clarification; also the TVWS part of the comment was not addressed)
2) In any case, the second part of the cited NOTE is irrelevant to CID 4006
3) The last part of this comment, about the NOTE being formatted incorrectly, has not been addressed too
|
|
6812
|
There might be more than one FILS Public Key Container element. The referenced location is only one instance. Other instances are at 33.26
|
Change "FILS Public Key Indicator element is optionally present" to "One or more FILS Public Key Indicator elements are optionally present" at all the locations identified in this comment
|
Revised: generally agree with the comment. Changed the suggested wording to be in line with the style of the other approved resolutions.
Change at both locations "FILS Public Key Indicator element is optionally present when dot11FILSActivated is true." to "One or more FILS Public Key Indicator elements are optionally present if dot11FILSActivated is true; this parameter is not present otherwise."
|
a) it's not a "parameter" and b) watch out for plural+singular ("one or more Xs" v. "this X is not present")
|
|
6815
|
"FILS is only supported in non-DMG infrastructure BSS." -- it's also supported in a DMG STA, according to 10.1.4.2.1
|
Change "non-DMG" to "an"
|
Rejected:FILS in general is not supported by DMG STAs or DMG BSS. There is no mention of FILS being supported in a DMG STA in 10.1.4.2.1. It seems that one particular aspects, MLME-SCAN-STOP may be
supported by DMG STAs, but not all the other features.
|
Then you need to amend the addition to 10.1.4.2.1 to restrict it to FILS STAs
|
|
6857
|
There is a description of what happens for immediate reporting, but not for channel specific or at-end reporting
|
Add suitable words for the two currently undescribed values
|
Revised: It is difficult to describe all the values of ReportingOption in the table; a reference is instead provided for detailed description of the ReportingOption parameter. Change the description
for ReportingOption to read as "Indicates the result reporting
mode as described in 10.1.4 (Acquiring synchronization, scanning). This parameter is
optionally present if
dot11FILSActivated is true; this parameter is not present otherwise."
This resolution is the same as that for CID 6077
|
Where is at-end reporting described? There are no instances of "AT_END" anywhere except clause 6
|
|
6861
|
8.4.2.179 does not define an octet string
|
Change the type to "FILS Indication element"
|
Revised: agree that the Type description should be changed. Following the same style as used in RevMC 3.0 for RequestInformation, change the "Type" description for FILS Indication from "Octet string"
to "As defined in 8.4.2.179 (FILS Indication element)".
|
No, the "Valid range" is "As defined in 8.x". The "Type", however, is just "X element" (see RSN row immediately above)
|
|
6863
|
8.4.2.169 does not define an octet string
|
Change the type to "Short Neigbor AP Report element" or "Reduced Neigbor AP Report element"
|
Revised: agree that the Type description should be changed. Following the same style as used in RevMC 3.0 for RequestInformation, change the "Type" description for Reduced Neighbor Report from "Octet
string" to "As defined in 8.4.2.169 (Reduced Neighbor Report)".
|
No, the "Valid range" is "As defined in 8.x". The "Type", however, is just "X element" (see RSN row immediately above)
|