Re: [STDS-802-11-TGBE] [PDT] Feedback Requested for PDT on for MLO Multi-Link Security: Operation

[Rojan Chitrakar <rojan.chitrakar@xxxxxxxxxxxxxxxx>]

Hi Gaurav,

 

Thanks for the PDT. I had sent you an email earlier but I will repeat my comments here:

 

1. I understand now what you are trying to achieve with the below: using MLD MAC Addresses instead of A1/A2 of the retransmitted frame right? How about changing as below to maintain baseline compatibility?:

 

2)       Use the fields in the MPDU header to construct the additional authentication data (AAD) for CCM. The CCM algorithm provides integrity protection for the fields included in the AAD. MPDU header fields that may change when retransmitted are muted by being  masked to 0 or being set to a known value when calculating the AAD as described in 12.5.3.3.3 (Construct AAD).

 

2. For the AAD and Nonce construction texts, the dot11MultiLinkActivated MIB will only capture the fact that the local device is an MLD, but not whether the peer device is also an MLD. It is better to explicitly state that MLD MAC Addresses are used in AAD and Nonce only when the transmitter and (intended) receiver are both MLDs.

 

3. For the decapsulation text, I think it is better to use the same style as used in previous sections (new proposed text in red for your consideration):

 

a)        (11ah)For secure PV0 MPDUs, CCMP decrypts the Frame Body field of a cipher text MPDU and decapsulates a plaintext MPDU using the following steps:

1)       (#4614)(11ah)The encrypted MPDU is parsed to construct the AAD (see 12.5.3.3.3 (Construct AAD(#2720))) and nonce (see 12.5.3.3.4 (Construct CCM nonce(#2720))) values. In addition, if the intended receiver of the MPDU is an MLD if dot11MultiLinkActivated is true, either or both of To DS or From DS subfields in the MAC header of the MPDU is set to 1, and the MPDU is an individually addressed Data frame transmitted by a STA affiliated with an MLD, then the intended transmitter and receiver MLD MAC Addresses are is passed to construct the AAD (see 12.5.3.3.3 (Construct AAD)) and nonce (see 12.5.5.3.4 (Construct CCM nonce)) values.

 

Regards,

Rojan

 

From: Gaurav Patwardhan <gauravpatwardhan1@xxxxxxxxx>
Sent: Tuesday, March 2, 2021 2:46 PM
To: STDS-802-11-TGBE@xxxxxxxxxxxxxxxxx
Subject: [STDS-802-11-TGBE] [PDT] Feedback Requested for PDT on for MLO Multi-Link Security: Operation

 

Hello All,

 

The PDT for the passed SPs related to MLO Security: Operation was presented today and can be found at the link below.

 

https://mentor.ieee.org/802.11/dcn/21/11-21-0233-01-00be-pdt-mld-security-considerations.docx 

 

Please let me know if you have any comments or feedback.

 

With Regards,

Gaurav Patwardhan

(Hewlett Packard Enterprise)

---

To unsubscribe from the STDS-802-11-TGBE list, click the following link: https://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-802-11-TGBE&A=1

---

To unsubscribe from the STDS-802-11-TGBE list, click the following link: https://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-802-11-TGBE&A=1