|
CID
|
Page
|
Line
|
Clause
|
Comment
|
Proposed Change
|
Resolution
|
mgr Comments
|
|
6444
|
115.00
|
22
|
11.11.2.2.1
|
What is an "Authentication request"? Note the baseline defines the term "Authentication-Request" but (a) only for FT and (b) with a hyphen. The references on p. 97 are
too hidden
|
Be specific about the Authentication frame(s) this is intended to refer to
|
REVISED
Change the following sentence:
" If PMKSA caching was attempted and the received Authentication frame includes a PMKID that does not match a PMKID sent in the Authentication request; or if the Authentication response does not include either a PMKID or an EAP-Finish/Re-auth packet, the STA
shall abandon FILS authentication"
to:
"If PMKSA caching was attempted and the received Authentication frame includes a PMKID that does not match a PMKID sent in the Authentication frame sent in Step 1; or if PMKSA caching was not attempted (i.e. received Authentication frame does not include either
a PMKID) or an EAP-Finish/Re-auth packet, the STA shall abandon FILS authentication."
|
Something is wrong in the second bit.
Is "or if PMKSA caching was not attempted (i.e. the received Authentication frame does not include either a PMKID[deleted paren] or an EAP-Finish/Re-auth packet)" what is intended, moving the closing paren (and adding the article)?
Also replace the semicolon with a comma.
Also, surely attempting PMKSA caching is based on a PMKID in the first auth frame, not in the second ("received") one?
|
|
6440
|
121.00
|
3
|
11.11.2.4.2
|
Reassociation needs to be covered as well as association
|
Search for "association re" in this subclause and add "(re)" with the appropriate case in front (I find 11 instances where such a change is apparently needed, including the
subclause heading)
|
REVISED. Adopt 11-14-1626-01-00ai-CID6440-6439-6438-resolution
|
It's not "section <n>", it's "Subclause <n>"
Still one "an (Re)Association"
|
|
6439
|
119.00
|
12
|
11.11.2.4.1
|
Reassociation needs to be covered as well as association
|
Search for "association re" in this subclause and add "(re)" with the appropriate case in front (I find 8 instances where such a change is apparently needed)
|
REVISED. Adopt 11-14-1626-01-00ai-CID6440-6439-6438-resolution
|
It's not "section <n>", it's "Subclause <n>"
|
|
6402
|
48.00
|
20
|
8.4.2.175
|
The FILS Session field is not described. All fields in all elements are always described in clause 8 -- that's the primary aim of clause 8!
|
Add a description of the FILS Session field
|
REVISED. Add the following sentence:
"FILS Session element contains session field that is chosen randomly by the non-AP STA in the FILS authentication protocol. FILS session field is an identifier that is used to uniquely identify the FILS authentation session that is in progress"
|
The first sentence is not needed as the info is already in the first sentence of the subclause. I suggest just adding "The FILS Session field contains the identifier." at
48.20 and deleting "session" at 48.5.
|
|
6153
|
56.00
|
|
8.4.2.181.2
|
Not all sub-fields in the IP Address Data field for response are defined. Please define all the sub-fields
|
please define all sub-fields.
|
REVISED. Adopt 11-14-1624-01-00ai-CID6117-6150-6151-6153-6543-6562-resolution
|
See comments in Word doc
|
|
6151
|
55.00
|
43
|
8.4.2.181.1
|
Not all sub-fields in the IP Address Data field for request are defined. Please define all the sub-fields
|
please define all sub-fields.
|
REVISED. Adopt 11-14-1624-01-00ai-CID6117-6150-6151-6153-6543-6562-resolution
|
See comments in Word doc
|
|
6150
|
55.00
|
43
|
8.4.2.181.1
|
IPv4 field is not defined, there is a IPv4 Request bit, and a IPv4 Request type bit, but these are not defined as an IPv4 field anywhere. In addition the bits of the IP
Address Request Control field format need to be clearly defined. Currently they are not clearly defined. Typically 802.11 will provide a bit map for the fields or a clear definition of the bit values. Please provide a clear definition of the bits and their
values, and label any "sub fields" appropriately.
|
please specify clearly what IPv4 field or IPv4 fields, IPv6 fields or IPv6 field are, otherwise, change the "B0 B1" to IPv4 field, and "B2 B3" to IPv6 field, using a format
similar to that used for the 8.4.2.181.2 IP Address Data Field for response would be preferred.
|
REVISED. Adopt 11-14-1624-01-00ai-CID6117-6150-6151-6153-6543-6562-resolution
|
See comments in Word doc
|
|
6117
|
54.00
|
22
|
8.4.2.181
|
What the STA is expected to do, if the IPv4 or IPv6 address that is provided through FILS IP Address Assignment element is duplicate to already existing IP address, or does
not operate correctly?
|
Clarify the expected STA behaviour when the assigned IP address does not operate correctly. Articulate operation for all main cases and provide guidance where more information
can be found. Alternatively, if the expalnations for operation in error cases cannet be given, delete the FILS IP Assignment.
|
REVISED. Adopt 11-14-1624-01-00ai-CID6117-6150-6151-6153-6543-6562-resolution
|
See comments in Word doc
|
|
6114
|
48.00
|
4
|
8.4.2.175
|
A random number cannot identify the used protocol. A random number can identify the session that is ongoing for a specific protocol. The session identifier is proposed by
the name of the element
|
Rewrite the description of the FILS session to provide the random number identifying the session, not the protocol.
|
REVISED per CID 6402
|
The commenter is I think saying that the element does not give an "identifier of [...] protocol" but rather the identifier of
a session of the protocol. CID 6402's resolution does not address this
|
|
6031
|
113.00
|
33
|
11.11.2.2.1
|
inside of the "steps" the procedure reads as a long stream-of-consciousness and is hard to follow
|
for all the procedures listed in all of the steps of 11.11.2.2.1, make them sub-bulleted procedures:
|
REJECTED. The description was added in addition to requirements based on several comments earlier.
|
I agree with the commenter and don't understand the reason given for rejection. What does "based on several comments earlier" mean?
|
|
6029
|
113.00
|
60
|
11.11.2.2.1
|
"the specific type of FILS authentication" is known
|
this is a sub-heading dealing with shared key authentication so the authentication type should be set to shared key authentication.
|
REVISED. Change the following sentence:
From:
"The random nonce shall be encoded in the FILS nonce field (see 8.4.1.59 (FILS Nonce field)), and the FILS authentication type shall be set to indicate the specific type of FILS authentication"
To:
"The random nonce shall be encoded in the FILS nonce field (see 8.4.1.59 (FILS Nonce field)), and the FILS authentication type shall be set to FILS shared key authentication as defined in Table 8-257b."
|
Should be "FILS Nonce field" (also in 11.11.2.2.2, twice)
|
|
6028
|
113.00
|
33
|
11.11.2.2.1
|
Get rid of the Steps
|
These "step-1" and "step-2" stuff detracts from the protocol description. If the style guide restircts going further than 5 sub-headings deep then lets consider collapsing
some sub-headers.
|
REVISED. Adopt 11-14-1623-02-00ai-CID6028-Section-reorg
|
Why is what was 11.11.2.2 being deleted? It seems like a useful intro
Typo: "subcluase"
"using public key" ... what?
Why does the new 11.11.2.3 not have figures and steps?
First para of 11.11.2.3 does not follow the pattern of that of 11.11.2.2
|
|
6562
|
57.00
|
44
|
8.4.2.181.2
|
It is not clear whether if B0 = 1 in IP Address Response Control then the DNS fields are necessarily absent
|
Add words to say that in this case the subfields in the DNS Info Control field are all 0 and the corresponding fields are absent
|
REVISED. Adopt 11-14-1624-01-00ai-CID6117-6150-6151-6153-6543-6562-resolution
|
See comments in Word doc
|
|
6791
|
|
|
8.2.4.1.9
|
8.2.4.1.9 of the baseline says "The Protected Frame field is set to 1 if the Frame Body field contains information that has been processed by a cryptographic encapsulation
algorithm. The Protected Frame field is set to 1 only within Data frames and within Management frames of subtype Authentication, and individually addressed robust Management frames. The Protected Frame field is set to 0 in all other frames, except in Control
frames of subtype Control Frame Extension where this field is reserved.." Yet FILS appears to use crypto with (Re)Association Request/Response frames
|
Change the baseline at the referenced location to allow (Re)Assoc Req/Rsp frames used in FILS authentication to have the Protected Frame field set to 1, and say somewhere
appropriate (i.e. clause 9 onwards) that such frames shall have the field so set
|
REVISED. Adopt 11-14-1627-01-00ai-CID6791-resolution-ProtectedManagementFrame
|
No space after "(Re)"
"used in the Fast Initial Link setup (FILS)" is inappropriate since the statement is just a general one that the PF bit might be set in a (re)assoc req/rsp
Suggest:
The Protected Frame field is set to 1 only within Data frames and within Management frames of subtype Authentication and (Re)Association Request/Response, and individually addressed robust Management frames.
|
|
6714
|
116.00
|
3
|
11.11.2.2.1
|
How many FILS HLP Container elements might be included to request an IP address?
|
Change "FILS HLP Container element or" to "a FILS HLP Container element or a" or "one or more FILS HLP Container elements or a"
|
REVISED. Modify as follows:
From:
"The STA may also include FILS HLP Container element or FILS IP Address Assignment element to request IP address"
To:
"The STA may also include a FILS HLP Container element or a FILS IP Address Assignment element to request IP address"
|
Should be "request an IP address"
|
|
6563
|
57.00
|
44
|
8.4.2.181.2
|
It is not clear whether if B0 = 1 in IP Address Response Control then the timeout also applies to the provision of DNS information (if requested)
|
Either say it does, or provide an additional timeout for DNS information
|
REVISED. Modify 4th column, 3rd row of Table 8-257h from :
"IP address request timeout value is the maximum
estimated time in the unit of seconds within which
the AP may assign an IP address to the requesting
STA"
To:
"IP address request timeout value is the maximum
estimated time in the unit of seconds within which
the AP may assign an IP address and DNS address to the requesting
STA"
|
An AP does not assign a DNS address to a STA. It provides one. Change to "may assign an IP address and provide a DNS server address"
|
|
6536
|
55.00
|
27
|
8.4.2.181.1
|
A STA might want to use a specific IP version for access to a DNS server
|
Make the "DNS Server Address Request" field into separate "IPv4" and "IPv6" fields (and make it clear this refers to the server address not to the type of addresses the server
returns!)
|
REVISED. Adopt 11-14-1624-01-00ai-CID6117-6150-6151-6153-6543-6562-resolution
|
See comments in Word doc
|
|
6560
|
57.00
|
44
|
8.4.2.181.2
|
Table 8-257h does not state which fields are present in the element in this case
|
Add some words to specify this (presumably the answer is that none of the optional fields are present)
|
REVISED. Add the following text to empty cell (under Function of the field corresponding to B0): "IP Address Pending"
The above change + CID 6562 should address the issue
All the fields are present always. There is no option to include these fields conditionally.
|
The comment was not about the subfields of the IP Address Response Control field but about the fields of the FILS IP Address Assignment element
|
|
6559
|
57.00
|
1
|
8.4.2.181.2
|
Table 8-257g says that various things are set to 1 if X and Y are included in the element, but does not say that either both shall be included or neither
|
Add some words to that effect
|
REJECTED. All the fields are always present . There is no option to include these fields conditionally. Only the values were set conditionally as stated in the "Explaination"
column.
|
The comment was not about the subfields of the IP Address Response Control field but about the fields of the FILS IP Address Assignment element
|
|
6542
|
57.00
|
12
|
8.4.2.181.2
|
"An AP sets IPv4 Assigned subfield to 1 if Assigned" makes no sense
|
Add some words to make it make sense
|
REVISED. Change the following sentence as follows:
From:
"An AP sets IPv4 Assigned subfield to 1 if Assigned"
To:
"An AP sets IPv4 Assigned subfield to 1 if the Assigned IPv4 address is included in the element and sets it to 0 otherwise"
|
Missing "the"s and should be "if the Assigned IPv$n Address field is" not "if Assigned IPv$n address is"
|
|
6541
|
56.00
|
58
|
8.4.2.181.2
|
"The value of the IP Address Response Control field is defined in Table 8-257g (IP Address Response Control field with B0 = 0) and Table 8-257h (IP Address Response Control
Field with B0 = 1)." -- OK, but what does B0 indicate? The tables are of no help (both say "An AP sets IP address assignment pending subfield to [0/1] if an IP address is included in the frame:")
|
Add an explanation of what this bit indicates. In turn, get rid of the "Value" column of the Tables
|
REVISED. Change the following sentence as follows:
From:
The value of the IP Address Response Control field is defined in Table 8-257g (IP Address Response Control field with B0 = 0) and Table 8-257h (IP Address Response Control Field with B0 = 1).
To:
The value of the IP Address Response Control field is defined in Table 8-257g and Table 8-257h. When B0=0 (IP Address Pending = 0), then B0 to B7 is defined as defined in Table 8-257g. When B0=0 (IP Address Pending = 1), then B0 to B7 is defined as defined
in Table 8-257h.
|
What is the point of the Value column in Tables 8-257g and 8-257h?
|
|
6641
|
|
|
11.11.2.2.1
|
What are all these steps in aid of? Giving them numbers doesn't help -- what is needed is to give them meanings
|
Change to something like "Step 1: frobnication", "Step 2: wazzafication", "Step 3: gloobulation" (and get rid of the hyphens before the digit!)
|
REVISED. Adopt 11-14-1623-02-00ai-CID6028-Section-reorg
|
Why is what was 11.11.2.2 being deleted? It seems like a useful intro
Typo: "subcluase"
"using public key" ... what?
Why does the new 11.11.2.3 not have figures and steps?
First para of 11.11.2.3 does not follow the pattern of that of 11.11.2.2
|