Thread Links | Date Links | ||||
---|---|---|---|---|---|
Thread Prev | Thread Next | Thread Index | Date Prev | Date Next | Date Index |
Hello,
I've been assigned CID 6083 from the last ballot against D3.0. The comment concerns
the response the AP provides to the STA on authentication failure. In this specific case,
it's when the STA indicates that ERP authentication should go to an Authentication
Server that the AP doesn't know about.
The concern is that this is providing too much information to an attacker. So this is
one of those "security versus usability" issues. I am more than happy to resolve this
comment the way the TG wants but I think the TG should provide some guidance.
On the one hand, the commenter is correct; this provides information an attacker
could use. But how useful is it since other STAs will be passing information on valid
domains/ASes in the clear when they do FILS? The attacker could just passively
observe an exchange. On the other hand, what should the response be? Silence?
That would not be very debuggable in the inevitable situation where a user
fat-fingers something. The exchange would just fail and the user would not have
any information to use to debug it (he'd probably think his password was typed
wrong and enter it again getting another silent failure).
So what do people think? Where is the imbalance? On the side of not providing
information to attackers or in potential aids to debugging?
regards,
Dan.
IF YOU WISH to be Removed from this reflector, PLEASE DO NOT send your request to this CLOSED reflector. We use this valuable tool to communicate on the issues at hand. SELF SERVICE OPTION: Point your Browser to - http://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-802-11-TGAI and then amend your subscription on the form provided. If you require removal from the reflector press the LEAVE button. Further information can be found at: http://www.ieee802.org/11/Email_Subscribe.html _______________________________________________________________________________ |