
[STDS-802-11-TGM] REVme CC35 CID 224



--- This message came from the IEEE 802.11 Task Group M Technical Reflector ---
Hi all,

CID 224 is scheduled on the REVme agenda for Friday's session. The comment is given below.

This comment was discussed on May 12 and the recommendation was to reject the comment with the reason. There have been no alternative resolutions proposed; however, there appears to be a proposed revised resolution in document 11-21/829r7:
Option 1:
REJECTED. Aside from Suite B ciphersuites and AKMs, the 802.11 standard does not restrict which ciphers can be negotiated during security association establishment and there is no need to do so with TDLS.

Option 2:
REVISED
In 12.7.8.4.2 TPK handshake message 1, after the para starting "The pairwise cipher suite list field indicating" add
“NOTE—The TDLS initiator STA might indicate the same pairwise cipher suite as used on the connection between the STA and the AP.”
and after the sentence starting "If none of the pairwise cipher suites are acceptable" add
“NOTE—The TDLS responder STA might only accept the same pairwise cipher suite as used on the connection between the STA and the AP.”
In 12.7.8.4.3 TPK handshake message 2 after the sentence starting "Include a pairwise cipher suite" add
“NOTE—The TDLS responder STA might select the same pairwise cipher suite as used on the connection between the STA and the AP.”

My personal preference is to go with Option 1 since the pairwise cipher may be different between the AP and the TDLS initiator/responder STA.

Cheers,

Mike

REVme SEC adhoc comments

CID: 224
Clause: 12.7.8.4
Comment: There are no constraints on the cipher to use with TDLS, other than not using WEP or TKIP. Some recommendations should be given, specifically that it should be at least as strong as the cipher used with the AP.
Proposed change: After the sentence starting "The pairwise cipher suite list field indicating " in 12.7.8.4.2 TPK handshake message 1 add "A pairwise cipher suite of key size smaller than that used on the connection between the STA and the AP should not be used." and after the sentence starting "If none of the pairwise cipher suites are acceptable" add "The TDLS responder STA should ignore any pairwise cipher suites of key size smaller than that used on the connection between the STA and the AP, and should reject the TDLS Setup Request frame with status code STATUS_INVALID_PAIRWISE_CIPHER if all the pairwise cipher suites are such.". In 12.7.8.4.3 TPK handshake message 2 after the sentence starting "Include a pairwise cipher suite" add "A pairwise cipher suite of key size smaller than that used on the connection between the STA and the AP should not be used."
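
The responder-side check that the CID 224 proposed change describes, as an added Python sketch that is not part of the message, the comment, or the standard's text. Assumptions: the function and constant names are hypothetical, the list is parsed in the RSNE layout (2-octet count followed by 4-octet selectors), and picking the largest key size among the remaining suites is a local policy choice.

```python
import struct

OUI = "00-0F-AC"
# Key size in bits for the pairwise suites this sketch accepts.
KEY_BITS = {
    (OUI, 4): 128,   # CCMP-128
    (OUI, 8): 128,   # GCMP-128
    (OUI, 9): 256,   # GCMP-256
    (OUI, 10): 256,  # CCMP-256
}
STATUS_SUCCESS = 0
STATUS_INVALID_PAIRWISE_CIPHER = 42


def parse_pairwise_list(field: bytes):
    """Parse the 2-octet little-endian suite count plus 4-octet selectors."""
    if len(field) < 2:
        raise ValueError("truncated pairwise cipher suite count")
    (count,) = struct.unpack_from("<H", field, 0)
    if len(field) < 2 + 4 * count:
        raise ValueError("truncated pairwise cipher suite list")
    suites = []
    for i in range(count):
        oui = field[2 + 4 * i: 5 + 4 * i]
        suites.append(("-".join(f"{b:02X}" for b in oui), field[5 + 4 * i]))
    return suites


def responder_select(offered, ap_suite):
    """Return (status, chosen suite or None) under the CID 224 proposal."""
    floor = KEY_BITS[ap_suite]
    # WEP, TKIP and unknown selectors are absent from KEY_BITS, so they
    # are ignored along with suites whose key is smaller than the AP link's.
    usable = [s for s in offered if KEY_BITS.get(s, 0) >= floor]
    if not usable:
        return STATUS_INVALID_PAIRWISE_CIPHER, None
    # Local policy assumption: largest key size, initiator order breaks ties.
    return STATUS_SUCCESS, max(usable, key=KEY_BITS.__getitem__)


# Constructed sample field: count=3, then CCMP-128, GCMP-256, TKIP.
SAMPLE = bytes.fromhex("0300" "000fac04" "000fac09" "000fac02")

if __name__ == "__main__":
    offered = parse_pairwise_list(SAMPLE)
    print(responder_select(offered, (OUI, 9)))   # AP link uses GCMP-256
    print(responder_select(offered, (OUI, 4)))   # AP link uses CCMP-128
```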
