
Re: [STDS-802-11-TGM] TGmd CIDs 1056, and 1057.. REJECT



--- This message came from the IEEE 802.11 Task Group M Technical Reflector ---

I take no position for now on the proposals made in 18/0867r0, but I do agree with CID 1057 that the way in which the password identifier is to be used is unclear.  Looking at the draft I can only find (beyond frame formats and making sure the password identifier is present when needed etc.):

The Password identifier element contains a string used to look up a password.

When a "password identifier" is called for in the description of SAE that follows, the identifier from the dot11RSNConfigPasswordValueTable is used.

This variable is a UTF-8 string that an implementation uses to uniquely identify a password to support provisioning multiple passwords for a single PeerMac."

18/0202r3 doesn't really shed any more light on the nature of the password identifier.  However, the implication of the brief discussion might be that the password identifier might be something like "Bob's phone".  In that case the privacy concern expressed in CID 1056 would have merit.

Thanks,

Mark

Note: Pursuant to the notice at the end of this email, this email is addressed to everyone involved in 802.11 work, and does not contain protected information.  Full dissemination, distribution, copying and use is authorised.

--
Mark RISON, Standards Architect, WLAN   English/Esperanto/Français
Samsung Cambridge Solution Centre       Tel: +44 1223  434600
Innovation Park, Cambridge CB4 0DS      Fax: +44 1223  434601
ROYAUME UNI                             WWW: http://www.samsung.com/uk

 

From: Harkins, Daniel [mailto:daniel.harkins@xxxxxxx]
Sent: 17 May 2018 00:50
To: STDS-802-11@xxxxxxxxxxxxxxxxx
Subject: [STDS-802-11] TGmd CIDs 1056, and 1057.. REJECT

 

--- This message came from the IEEE 802.11 Working Group Reflector ---

 

Hello,

CIDs 1056 and 1057 deal with the SAE Password Identifier that was added to the REVmd draft in January (11-18/0202r3). CID 1056 raises a privacy concern since the Password Identifier is passed in the clear and CID 1057 requests a generation technique for identifiers. Both CIDs state that the "commenter will bring a contribution." Document 11-18/0867r0 is by the commenter(s) and proposes resolution to both CIDs. Unfortunately, the proposed solution will gut the security of the standard.

SAE was very carefully designed to be resistant to dictionary attack and the proposed resolution to these CIDs adds in a dictionary attack against SAE. And if that isn't bad enough, the dictionary attack it introduces is *three orders of magnitude faster* than the dictionary attack against PSK mode. This is a profoundly bad idea that should be rejected.

The case for the privacy concern was not adequately brought, in my opinion, and the use case for the Password Identifier does not really introduce any new privacy issues.

For these two reasons—lack of a clear problem, solution that destroys security—I propose that CIDs 1056 and 1057 be rejected. If text is needed to add to the comment spreadsheet to justify rejection I think it can be cobbled together from the paragraphs above and I would be happy to do such cobbling if need be.

regards,

Dan.

 

 

