
Re: [STDS-802-11-TGM] document 11-21/0816



--- This message came from the IEEE 802.11 Task Group M Technical Reflector ---

Would the following be satisfactory?

Otherwise, there is no restriction on each DA, except that the DA in the first A-MSDU subframe header shall not be AA-AA-03-00-00-00.

NOTE—The address AA-AA-03-00-00-00 is that which results from an attack in which a QoS Data frame not containing an A-MSDU (whose unencrypted frame body therefore starts with an LLC header followed by a SNAP header constructed per IETF RFC 1042) has the (unprotected) A-MSDU Present subfield changed to 1 by an attacker to cause it to appear to be an A-MSDU with multiple MSDUs (each preceded by an A-MSDU subframe header, which starts with the DA).

[…] 

The check on the DA in the first A-MSDU subframe header is important to defend against attacks from malicious outsiders when SPP A-MSDUs are not being used. The checks on the SAs being the nonbandwidth signalling TA are important to defend against impersonation attacks from malicious insiders.

Thanks,

 

Mark

 

--

Mark RISON, Standards Architect, WLAN   English/Esperanto/Français

Samsung Cambridge Solution Centre       Tel: +44 1223  434600

Innovation Park, Cambridge CB4 0DS      Fax: +44 1223  434601

ROYAUME UNI                             WWW: http://www.samsung.com/uk
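
The receive-side DA check proposed in the message above, written out in C as an added example that is not part of the original thread or of the IEEE 802.11 text. The function name `amsdu_validate`, its return convention and both sample frame bodies are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define AMSDU_HDR_LEN 14 /* DA (6) | SA (6) | Length (2, big-endian) */

/* LLC AA-AA-03 + SNAP OUI 00-00-00 (RFC 1042): start of a non-A-MSDU body. */
static const uint8_t RFC1042_HDR[6] = {0xAA, 0xAA, 0x03, 0x00, 0x00, 0x00};

/* Constructed sample: ordinary MSDU body (LLC/SNAP, EtherType, payload). */
static const uint8_t plain_body[] = {
    0xAA,0xAA,0x03,0x00,0x00,0x00, 0x08,0x00, 0x45,0x00,0x00,0x1C,
    0x00,0x01,0x00,0x00,0x40,0x11,0x00,0x00 };

/* Constructed sample: genuine A-MSDU, two subframes (9- and 8-byte MSDUs). */
static const uint8_t amsdu_body[] = {
    0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x02, 0x00,0x09,
    0xAA,0xAA,0x03,0,0,0,0x08,0x00,0x45, 0x00 /* pad to 4 bytes */,
    0x02,0,0,0,0,0x03, 0x02,0,0,0,0,0x02, 0x00,0x08,
    0xAA,0xAA,0x03,0,0,0,0x08,0x06 };

/* Hypothetical helper: returns the subframe count, or -1 to discard. */
int amsdu_validate(const uint8_t *body, size_t len)
{
    size_t off = 0;
    int count = 0;

    /* Proposed rule: the DA of the first subframe header shall not be
     * AA-AA-03-00-00-00, i.e. the body must not start with LLC/SNAP. */
    if (len >= 6 && memcmp(body, RFC1042_HDR, 6) == 0)
        return -1;
    while (off < len) {
        if (len - off < AMSDU_HDR_LEN) return -1;  /* truncated header */
        size_t msdu_len = ((size_t)body[off + 12] << 8) | body[off + 13];
        off += AMSDU_HDR_LEN;
        if (msdu_len > len - off) return -1;       /* length overruns body */
        off += msdu_len;
        count++;
        if (off < len) { /* all but the last subframe are padded to 4 bytes */
            size_t pad = (4 - ((AMSDU_HDR_LEN + msdu_len) & 3)) & 3;
            if (pad > len - off) return -1;
            off += pad;
        }
    }
    return count;
}

int main(void)
{
    printf("plain body: %d\n", amsdu_validate(plain_body, sizeof plain_body));
    printf("A-MSDU body: %d\n", amsdu_validate(amsdu_body, sizeof amsdu_body));
    return 0;
}
```
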

 

From: Jon Rosdahl <jrosdahl@xxxxxxxx>
Sent: Tuesday, 17 August 2021 13:15
To: STDS-802-11-TGM@xxxxxxxxxxxxxxxxx
Subject: Re: [STDS-802-11-TGM] document 11-21/0816

 


I agree with Dan.

As I stated on the call I was uncomfortable with the reference.

Adding an annex as one extreme could also be considered.

A paragraph may be enough to explain what is being done.

The full "why" may not be needed.

FWIW

Jon

On Aug 16, 2021, at 12:52 PM, "Harkins, Daniel" <daniel.harkins@xxxxxxx> wrote:


 

  Hi,

 

  In today's teleconference we reviewed document 11-21/0816. The submission suggests adding a reference to one of Mathy Vanhoef's papers. While a USENIX site is better than a personal website, for stability purposes, I still question whether we need such a reference.

 

  I think we just need to provide a technical explanation for what we're doing (e.g. if we're adding "magic numbers" like "AA-AA-03" to check against we need to explain the significance of that number and not rely on any magic) but we don't need to refer to analysis of previous versions of the standard that compelled some text in the current version. I don't believe we have done that before with other security-related fixes and I don't think it's a good precedent to start. If we need more text to explain the rationale behind the change then let's add that instead.

 

  regards,

 

  Dan.

 

--

"the object of life is not to be on the side of the majority, but to

escape finding oneself in the ranks of the insane." – Marcus Aurelius

 

 


To unsubscribe from the STDS-802-11-TGM list, click the following link: https://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-802-11-TGM&A=1
