|
Hi Philippe,
Dan,
You are not missing anything. I was not suggesting the frame must be identical to the 802.3 wired one...I was suggesting to make the encrypted frame format compatible with MACsec i.e. specifying which header fields have to be left authenticated but unencrypted...
(Note: I assume that your statement "to make…compatible" implies that you want a MACsec
implementation to be able to decrypt and verify one of these frames that transited an 802.11
link. That is the basis for the following statement. If that assumption is wrong then please let
me know).
If you're not suggesting that the frame formats be identical then I don't know how "to make
the encrypted frame format compatible". There are things in an 802.11 header that are not
in an 802.3 header and those things need to be part of the AAD. MACsec does not address those
parts of an 802.11 header so there is no way to make the two compatible.
Dan.
/Ph
Sent from my iPhone
Hi Philippe,
Hi Dan,
I understand it is the case today but as EPD mode is a totally “new” format for 802.11 should we try to unified as much as possible with the Ethernet format including encrypted
frame format ? This was the initial sense of my question …
OK, it's a new format, but it's still an 802.11 frame. It's gonna have the 802.11 MAC header
with the frame control field and the 4 addresses, right? If so then that stuff has to be part of
the AAD and as such it is still an encapsulation using GCM according to the 802.11 standard.
Or am I missing something?
Dan.
/Ph
The current P802.11ak_D0.06 draft version does not mention any requirement in regard to the encryption of EPD formatted frames.
I suggest we add a requirement that EPD formatted frames must be encrypted in a way compatible with IEEE 802.1AE (MACsec) as the 802.3/Ethernet frames are (notice that 802.11ad crypto mode is AES-GCM, the same
crypto mode that the default Cypher Suite of 802.1AE).
While the cipher mode is the same the format of the frames and the location of the AAD passed to
AES-GCM is different. I think if it's an 802.11 frame it should be protected the way the 802.11 standard
If you agree I will post a contribution that could be discuss next Monday during the conf call.
Thank you
/Philippe
Philippe Klein, PhD |Technical Director, Broadband Technology Group
Broadcom Corporation
| Golan House, P.O.Box 273, Airport City, 70100 Israel
(M) +972 54 313 4500 |
philippe@xxxxxxxxxxxx
_______________________________________________________________________________
IF YOU WISH to be Removed from this reflector, PLEASE DO NOT send your request to this CLOSED reflector. We use this valuable tool to communicate on the issues at hand.
SELF SERVICE OPTION: Point your Browser to -
http://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-802-11-TGAK and then amend your subscription on the form provided. If you require removal from the reflector press the LEAVE button.
Further information can be found at:
http://www.ieee802.org/11/Email_Subscribe.html _______________________________________________________________________________
_______________________________________________________________________________
IF YOU WISH to be Removed from this reflector, PLEASE DO NOT send your request to this
CLOSED reflector. We use this valuable tool to communicate on the issues at hand.
SELF SERVICE OPTION:
Point your Browser to - http://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-802-11-TGAK and
then amend your subscription on the form provided. If you require removal from the reflector
press the LEAVE button.
Further information can be found at: http://www.ieee802.org/11/Email_Subscribe.html
_______________________________________________________________________________
|