Hi Dan,

Interesting proposal. I hope you don’t mind me providing you with my knee-jerk comments.

Personally, I don’t think you need the text in 4.5.4.10. This seems to imply that the non-AP STA encrypts the ID, which it cannot do. The generic description still works, I think.

I assume the idea is that on the first association the AP chooses a device ID (fixed and long term) for that STA, but provides an encrypted version of it to the STA during msg 3 of 4W HS. The STA uses that in the IE in the next association request. The AP then gives the STA a new encrypted ID, which is in fact the same device ID, again in msg 3 of the 4W HS. This then continues.

This is certainly a viable scheme and the work is all done by the AP, and in that way is different to IRM where the STA controls. It does mean, however, that computations are required and also that the encrypted version of the ID is certainly longer than the device ID itself. It also means that the encryption method in Annex AD is made mandatory and I don’t know if there are alternative methods for the encryption which some other ‘security guy’ might bring up.

To me this is a brand new scheme in that the IE is now included in the Association Request and hence it is not the optional “opaque ID” idea which has always been there. I think it has merits but it is a new scheme and maybe supporter(s) of the present scheme may object if that is now obsoleted.

In PASN it looks to be overkill to use the opaque ID. I have a comment on using a simpler “PASN ID” for that case and this would be compatible with your new scheme.

One general comment on your text, I think you need to be consistent on what it is called, “opaque device identifier” or “encrypted device ID” etc. It seems to vary.

Thanks and best of luck. Unfortunately I will not be there in person in Panama, so I will not be roaming the halls bothering you :>)

Graham

From: Harkins, Dan <daniel.harkins@xxxxxxx>

Hello,

I've uploaded 11-24/0068r0 to mentor. It proposes to add deviceID to association frames for other-than-FILS to align it better with the capabilities of IRM. It addresses comments from LB282. Please take a look and send comments to the list (or find me roaming the halls in Panama).

regards,

Dan.

--
"the object of life is not to be on the side of the majority, but to escape finding oneself in the ranks of the insane." – Marcus Aurelius

To unsubscribe from the STDS-802-11-TGBH list, click the following link: https://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-802-11-TGBH&A=1
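
The AP-driven flow discussed in the reply above (a fixed device ID, a freshly encrypted copy handed to the STA in message 3 of the 4-way handshake, and the STA returning it in the next Association Request), as an added Python example that is not taken from 11-24/0068r0 or from either author. The encrypt-then-MAC construction built from HMAC-SHA256 is a stand-in so the example needs only the standard library, not the Annex AD method; the function names, key handling and field sizes are assumptions.

```python
import hashlib
import hmac
import os

NONCE_LEN = 12  # assumed size, not from the draft
TAG_LEN = 16    # assumed size, not from the draft


def _keys(ap_secret):
    """Derive separate encryption and MAC keys from one AP-held secret."""
    enc = hmac.new(ap_secret, b"enc", hashlib.sha256).digest()
    mac = hmac.new(ap_secret, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key, nonce, length):
    """HMAC-SHA256 in counter mode, standing in for a real cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def wrap_device_id(ap_secret, device_id):
    """AP side, for message 3: a fresh nonce yields a new opaque value each time."""
    enc_key, mac_key = _keys(ap_secret)
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(enc_key, nonce, len(device_id))
    ct = bytes(a ^ b for a, b in zip(device_id, stream))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + ct + tag


def unwrap_device_id(ap_secret, opaque):
    """AP side, on Association Request: device ID, or None if not made with this key."""
    if len(opaque) < NONCE_LEN + TAG_LEN:
        return None
    enc_key, mac_key = _keys(ap_secret)
    nonce, ct, tag = opaque[:NONCE_LEN], opaque[NONCE_LEN:-TAG_LEN], opaque[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None
    stream = _keystream(enc_key, nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))
```

Two calls to `wrap_device_id` for the same device ID return different byte strings that both unwrap to the same ID, and each is `NONCE_LEN + TAG_LEN` bytes longer than the ID, which is the size and computation cost the reply points out.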