|
CID
|
Page
|
Line
|
Clause
|
Comment
|
Proposed Change
|
Resolution
|
mgr Comments
|
|
6444
|
115.00
|
22
|
11.11.2.2.1
|
What is an "Authentication request"? Note the baseline defines the term "Authentication-Request" but (a) only for FT and (b) with a hyphen. The references on p. 97 are
too hidden
|
Be specific about the Authentication frame(s) this is intended to refer to
|
REVISED
Change the following sentence:
" If PMKSA caching was attempted and the received Authentication frame includes a PMKID that does not match a PMKID sent in the Authentication request; or if the Authentication response does not include either a PMKID or an EAP-Finish/Re-auth packet, the STA
shall abandon FILS authentication"
to:
"If PMKSA caching was attempted and the received Authentication frame includes a PMKID that does not match a PMKID sent in the Authentication frame sent at Step1; or if the received Authentication frame does not include either a PMKID or an EAP-Finish/Re-auth
packet, the STA shall abandon FILS authentication."
|
"at Step1" should be "in Step 1" (2 fixes)
Incidentally, the precedence of the "If PMKSA caching was attempted and" term is not clear: does it also apply to the "or if the received Authentication frame does not include either a PMKID or an EAP-Finish/Re-auth packet" term too (semicolon suggests not,
but not sure)?
|
|
6443
|
115.00
|
58
|
11.11.2.2.1
|
What is an "Authentication response"? Note the baseline defines the term "Authentication-Response" but (a) only for FT and (b) with a hyphen
|
Be specific about the Authentication frame(s) this is intended to refer to
|
REVISED. Change as following:
From: "If the STA doesn't successfully receive Authentication response within the time of dot11AuthenticationResponseTimeOut, then the STA should perform retransmission procedure as defined in IETF RFC 6696."
To:
"If the STA doesn't successfully receive Authentication frame within the time of dot11AuthenticationResponseTimeOut,
then the STA should perform retransmission procedure as defined in IETF RFC 6696."
|
Delete "sucessfully"
Add "an" before "Authentication"
Add "a" before "retransmission"
|
|
6441
|
115.00
|
9
|
11.11.2.2.1
|
What is a "FILS authentication response"?
|
Be specific about the Authentication frame(s) this is intended to refer to
|
REVISED. Change as follows:
From: "Upon transmission of the FILS authentication response, the AP shall perform key derivation per 11.11.2.3 (Key derivation with FILS authentication)"
to:
"Upon transmission of the FILS authentication frame, the AP shall perform key derivation per 11.11.2.3 (Key derivation with FILS authentication)"
|
Should be "FILS Authentication frame"
|
|
6440
|
121.00
|
3
|
11.11.2.4.2
|
Reassociation needs to be covered as well as association
|
Search for "association re" in this subclause and add "(re)" with the appropriate case in front (I find 11 instances where such a change is apparently needed, including the
subclause heading)
|
REVISED. Adopt 11-14-1626-00-00ai-CID6440-6439-6438-resolution
|
8.3.3.6 should remain as the refernce for Association Response frames only. Reassociation Response frames are in 8.3.3.8
"an (Re)Assoc" -> "a (Re)Assoc"
|
|
6439
|
119.00
|
12
|
11.11.2.4.1
|
Reassociation needs to be covered as well as association
|
Search for "association re" in this subclause and add "(re)" with the appropriate case in front (I find 8 instances where such a change is apparently needed)
|
REVISED. Adopt 11-14-1626-00-00ai-CID6440-6439-6438-resolution
|
8.3.3.5 should remain as the refernce for Association Request frames only. Reassociation Request frames are in 8.3.3.7
"an (Re)Assoc" -> "a (Re)Assoc"
|
|
6438
|
119.00
|
3
|
11.11.2.4
|
Reassociation needs to be covered as well as association
|
Search for "association re" in this subclause and add "(re)" with the appropriate case in front (I find 4 instances where such a change is apparently needed)
|
REVISED. Adopt 11-14-1626-00-00ai-CID6440-6439-6438-resolution
|
"an (Re)Assoc" -> "a (Re)Assoc" (2x)
|
|
6402
|
48.00
|
20
|
8.4.2.175
|
The FILS Session field is not described. All fields in all elements are always described in clause 8 -- that's the primary aim of clause 8!
|
Add a description of the FILS Session field
|
REVISED. Add the following sentence:
"FILS Session is a session identifier that is chosen randomly by the non-AP STA in the FILS authentication protocol.
|
Should be "The FILS Session field contains [...]".
Also need to delete "The session identifier is chosen randomly by the non-AP STA in the FILS authentication protocol." at 48.5, since this would become a duplicate.
However, I have a concern that this resolution still focuses on what it is used for rather than what it contains.
|
|
6153
|
56.00
|
|
8.4.2.181.2
|
Not all sub-fields in the IP Address Data field for response are defined. Please define all the sub-fields
|
please define all sub-fields.
|
REVISED. Adopt 11-14-1624-00-00ai-CID6117-6150-6151-6153-6543-6562-resolution
|
See comments in Word doc
|
|
6151
|
55.00
|
43
|
8.4.2.181.1
|
Not all sub-fields in the IP Address Data field for request are defined. Please define all the sub-fields
|
please define all sub-fields.
|
REVISED. Adopt 11-14-1624-00-00ai-CID6117-6150-6151-6153-6543-6562-resolution
|
See comments in Word doc
|
|
6150
|
55.00
|
43
|
8.4.2.181.1
|
IPv4 field is not defined, there is a IPv4 Request bit, and a IPv4 Request type bit, but these are not defined as an IPv4 field anywhere. In addition the bits of the IP
Address Request Control field format need to be clearly defined. Currently they are not clearly defined. Typically 802.11 will provide a bit map for the fields or a clear definition of the bit values. Please provide a clear definition of the bits and their
values, and label any "sub fields" appropriately.
|
please specify clearly what IPv4 field or IPv4 fields, IPv6 fields or IPv6 field are, otherwise, change the "B0 B1" to IPv4 field, and "B2 B3" to IPv6 field, using a format
similar to that used for the 8.4.2.181.2 IP Address Data Field for response would be preferred.
|
REVISED. Adopt 11-14-1624-00-00ai-CID6117-6150-6151-6153-6543-6562-resolution
|
See comments in Word doc
|
|
6117
|
54.00
|
22
|
8.4.2.181
|
What the STA is expected to do, if the IPv4 or IPv6 address that is provided through FILS IP Address Assignment element is duplicate to already existing IP address, or does
not operate correctly?
|
Clarify the expected STA behaviour when the assigned IP address does not operate correctly. Articulate operation for all main cases and provide guidance where more information
can be found. Alternatively, if the expalnations for operation in error cases cannet be given, delete the FILS IP Assignment.
|
REVISED. Adopt 11-14-1624-00-00ai-CID6117-6150-6151-6153-6543-6562-resolution
|
See comments in Word doc
|
|
6114
|
48.00
|
4
|
8.4.2.175
|
A random number cannot identify the used protocol. A random number can identify the session that is ongoing for a specific protocol. The session identifier is proposed by
the name of the element
|
Rewrite the description of the FILS session to provide the random number identifying the session, not the protocol.
|
REVISED per CID 6402
|
The commenter is I think saying that the element does not give an "identifier of [...] protocol" but rather the identifier of
a session of the protocol. CID 6402's resolution does not address this
|
|
6031
|
113.00
|
33
|
11.11.2.2.1
|
inside of the "steps" the procedure reads as a long stream-of-consciousness and is hard to follow
|
for all the procedures listed in all of the steps of 11.11.2.2.1, make them sub-bulleted procedures:
|
REJECTED. The description was added in addition to requirements based on several comments earlier.
|
I agree with the commenter and don't understand the reason given for rejection
|
|
6028
|
113.00
|
33
|
11.11.2.2.1
|
Get rid of the Steps
|
These "step-1" and "step-2" stuff detracts from the protocol description. If the style guide restircts going further than 5 sub-headings deep then lets consider collapsing
some sub-headers.
|
REVISED. Adopt 11-14-1623-01-00ai-CID6028-Section-reorg
|
See comments in Word doc
|
|
6437
|
100.00
|
60
|
10.45.3.2
|
Reassociation needs to be covered as well as association
|
Search for "association re" in this subclause and add "(re)" with the appropriate case in front (I find 9 instances where such a change is apparently needed)
|
REVISED. Adopt 11-14-1625-00-00ai-CID6437-resolution
|
"an (Re)Assoc" -> "a (Re)Assoc" (3x)
"in (Re)Association Response frame" -> "in the (Re)Association Response frame" (2x)
|
|
6562
|
57.00
|
44
|
8.4.2.181.2
|
It is not clear whether if B0 = 1 in IP Address Response Control then the DNS fields are necessarily absent
|
Add words to say that in this case the subfields in the DNS Info Control field are all 0 and the corresponding fields are absent
|
REVISED. Adopt 11-14-1624-00-00ai-CID6117-6150-6151-6153-6543-6562-resolution
|
See comments in Word doc
|
|
6791
|
|
|
8.2.4.1.9
|
8.2.4.1.9 of the baseline says "The Protected Frame field is set to 1 if the Frame Body field contains information that has been processed by a cryptographic encapsulation
algorithm. The Protected Frame field is set to 1 only within Data frames and within Management frames of subtype Authentication, and individually addressed robust Management frames. The Protected Frame field is set to 0 in all other frames, except in Control
frames of subtype Control Frame Extension where this field is reserved.." Yet FILS appears to use crypto with (Re)Association Request/Response frames
|
Change the baseline at the referenced location to allow (Re)Assoc Req/Rsp frames used in FILS authentication to have the Protected Frame field set to 1, and say somewhere
appropriate (i.e. clause 9 onwards) that such frames shall have the field so set
|
REVISED. Adopt 11-14-1627-00-00ai-CID6791-resolution-ProtectedManagementFrame
|
"(Re)Associtation Request/Resp" has a typo (should be "Association") and a non-standard abbreviation (should be "Response"
Also, the "used in FILS" is superfluous
Suggest saying simply "of subtype Authentication or (Re)Association Request/Response"
(I've looked for specific normative statements on PF bit behaviour and have failed to find any; will raise in TGmc)
|
|
6715
|
116.00
|
11
|
11.11.2.2.1
|
How many FILS HLP Container elements might be included to provide an IP address?
|
Change "FILS HLP Container element or" to "a FILS HLP Container element or a" or "one or more FILS HLP Container elements or a"
|
REJECTED. I don't see a reason to include multiple HLPs
|
a) Maybe need 2 HLPs to give IPv4 and IPv6?
b) In any case, the main point of the comment is that the wording in D3.0 is unclear since there is no article or other quantifier. If only 1 HLP is to be allowed, then the wording needs to say that, e.g. by adding "a"s as suggested by the commenter
|
|
6714
|
116.00
|
3
|
11.11.2.2.1
|
How many FILS HLP Container elements might be included to request an IP address?
|
Change "FILS HLP Container element or" to "a FILS HLP Container element or a" or "one or more FILS HLP Container elements or a"
|
REJECTED. I don't see a reason to include multiple HLPs
|
a) Maybe need 2 HLPs to request IPv4 and IPv6?
b) In any case, the main point of the comment is that the wording in D3.0 is unclear since there is no article or other quantifier. If only 1 HLP is to be allowed, then the wording needs to say that, e.g. by adding "a"s as suggested by the commenter
|
|
6445
|
92.00
|
58
|
10.3.4.3
|
What are the "the FILS authentication elements"?
|
Be specific about the elements this intended to refer to
|
REVISED. Change the following sentence
From:
If FILS authentication is being used in an ESS, the MLME shall issue an MLME-AUTHENTICATE. indication primitive to inform the SME of the authentication request, including the FILS authentication elements, and the SME shall execute the procedure described in
11.11 (Authentication for Fast Initial Link setup)
To:
If FILS authentication is being used in an ESS, the MLME shall issue an MLME-AUTHENTICATE. indication primitive to inform the SME of the authentication request, including the FILS authentication elements as defined in 11.11.2.2, and the SME shall execute the
procedure described in 11.11 (Authentication for Fast Initial Link setup)
|
11.11.2.2 does not clearly list the elements in question. Why not just delete the ", including the FILS authentication elements,"? What is the point of this aside?
|
|
6563
|
57.00
|
44
|
8.4.2.181.2
|
It is not clear whether if B0 = 1 in IP Address Response Control then the timeout also applies to the provision of DNS information (if requested)
|
Either say it does, or provide an additional timeout for DNS information
|
REVISED per CID 6562.
|
I don't think CID 6562's resolution addresses this comment, which is about whether, in the case where you're told you need to wait for n seconds for an IP address, you also
need to wait for n seconds (no more) for DNS info
|
|
6536
|
55.00
|
27
|
8.4.2.181.1
|
A STA might want to use a specific IP version for access to a DNS server
|
Make the "DNS Server Address Request" field into separate "IPv4" and "IPv6" fields (and make it clear this refers to the server address not to the type of addresses the server
returns!)
|
REJECTED. Even though the request has only one bit, the response have two separate fields for each IP version.
|
The point of the comment is that a device which does IPv4 only does not want to be given only an IPv6 DNS server. What currently ensures this won't happen?
|
|
6560
|
57.00
|
44
|
8.4.2.181.2
|
Table 8-257h does not state which fields are present in the element in this case
|
Add some words to specify this (presumably the answer is that none of the optional fields are present)
|
REVISED. Add the following text to empty cell (under Function of the field corresponding to B0): "IP Address Pending"
The above change + CID 6562 should address the issue
All the fields are present always. There is no option to include these fields conditionally.
|
I don't understand "All the fields are present always. There is no option to include these fields conditionally." What do the "(optional)"s in Figure 8-574s and the "if
X and Y are included in the element"s in Table 8-257g mean?
|
|
6559
|
57.00
|
1
|
8.4.2.181.2
|
Table 8-257g says that various things are set to 1 if X and Y are included in the element, but does not say that either both shall be included or neither
|
Add some words to that effect
|
REJECTED. All the fields are always present . There is no option to include these fields conditionally. Only the values were set conditionally as stated in the "Explaination"
column.
|
I don't understand "All the fields are always present . There is no option to include these fields conditionally." What do the "(optional)"s in Figure 8-574s and the "if
X and Y are included in the element"s in Table 8-257g mean?
|
|
6542
|
57.00
|
12
|
8.4.2.181.2
|
"An AP sets IPv4 Assigned subfield to 1 if Assigned" makes no sense
|
Add some words to make it make sense
|
REVISED. Change the following sentence as follows:
From:
"An AP sets IPv4 Assigned subfield to 1 if Assigned"
To:
"An AP sets IPv6 Assigned subfield to 1 if Assigned IPv4 address is included in the element and sets it to 0 otherwise"
|
Sets "IPv6 Assigned" if IPv4 included?!
Also missing "the"s and should be "if the Assigned IPv$n Address field is" not "if Assigned IPv$n address is"
|
|
6541
|
56.00
|
58
|
8.4.2.181.2
|
"The value of the IP Address Response Control field is defined in Table 8-257g (IP Address Response Control field with B0 = 0) and Table 8-257h (IP Address Response Control
Field with B0 = 1)." -- OK, but what does B0 indicate? The tables are of no help (both say "An AP sets IP address assignment pending subfield to [0/1] if an IP address is included in the frame:")
|
Add an explanation of what this bit indicates. In turn, get rid of the "Value" column of the Tables
|
REVISED. Change the following sentence as follows:
From:
The value of the IP Address Response Control field is defined in Table 8-257g (IP Address Response Control field with B0 = 0) and Table 8-257h (IP Address Response Control Field with B0 = 1).
To:
The value of the IP Address Response Control field is defined in Table 8-257g and Table 8-257h. When B0=0 (IP Address Pending = 0), then B0 to B7 is defined as defined in Table 8-257g. When B0=0 (IP Address Pending = 1), then B0 to B7 is defined as defined
in Table 8-257h.
|
What does "An AP sets IP address assignment pending subfield to 0 if an IP address is present in the frame." mean in Table 8-257g?
Also, what is the point of the Value column in Tables 8-257g and 8-257h?
|
|
6891
|
57.00
|
55
|
8.4.2.181.2
|
The timeout value is not specified if B1-B6 is 0.
|
Replace the Value column of B1 - B6 by "1 - 255", and add the following text in the Explanation column of B1 - B6.
---
A value of 0 is reserved.
|
REVISED. Add the following sentence to Explaination colum of B1-B6 row:
The value of 0 is reserved
|
Delete "of"
|
|
6641
|
|
|
11.11.2.2.1
|
What are all these steps in aid of? Giving them numbers doesn't help -- what is needed is to give them meanings
|
Change to something like "Step 1: frobnication", "Step 2: wazzafication", "Step 3: gloobulation" (and get rid of the hyphens before the digit!)
|
REVISED. Adopt 11-14-1623-01-00ai-CID6028-Section-reorg
|
See comments in Word doc
|