--- This message came from the IEEE 802.11 Working Group Reflector ---

Mark,

I just want something clean. In my view what 11bi is doing is not clean. I want the authentication protocols to produce a uniform output that can be used for key derivation and proof-of-possession. That includes a protocol transcript that will bind all the various elements and goo in the messages. And I'd like PMK caching to act as if it's an authentication protocol producing that same uniform output. Then that stuff becomes the uniform input to the singular way of deriving a PTK.

11bi is doing PTK derivation one way for the 12.16.8.1 exchange and a different way for the 12.16.8.2 exchange and a completely different way for the 12.16.9 exchange! I'm also not entirely sure how PMK caching works in 11bi but it doesn't seem like it's smooth. What's the point of the Diffie-Hellman key exchange if you're generating a PMK using some EAP method?

If 11bi ends up doing things in a more clean way then great, maybe we can converge but I think the PQC protocols provide an opportunity to do the right thing without all the baggage.

regards,

Dan.

--
"the object of life is not to be on the side of the majority, but to escape finding oneself in the ranks of the insane." – Marcus Aurelius

On 4/11/25, 9:15 AM, "mark.hamilton2152@xxxxxxxxx" <mark.hamilton2152@xxxxxxxxx> wrote:

Dan,

OK, but I guess I’m thinking that if we move away from the 4-way handshake, the time to do that is with the transition to use Authentication frames, per 802.11bi. Why do the 11bi restructuring, and then pile on the switch away from the 4-way, in series?

Mark

From: Harkins, Dan <daniel.harkins@xxxxxxx>

Hi Mark,

My initial take is that it would not interact. I guess we could discuss how things might eventually converge but the bi draft, like all the classical crypto stuff, is still using the 4-way handshake. I do not think the PQC protocols should use that architecture anymore.

regards,

Dan.

--
"the object of life is not to be on the side of the majority, but to escape finding oneself in the ranks of the insane." – Marcus Aurelius

On 4/10/25, 5:18 PM, "mark.hamilton2152@xxxxxxxxx" <mark.hamilton2152@xxxxxxxxx> wrote:

Dan,

I think it would be helpful to understand how this would interact with the 802.11bi direction for key derivation in Authentication frames. Any thoughts?

Mark

From: *** IEEE STDS-802-11 List *** <STDS-802-11@xxxxxxxxxxxxxxxxx> On Behalf Of Harkins, Dan

Hello,

I uploaded a slide deck, 11-25/0631r0, to the PQSG folder on mentor regarding some ideas on how to clean up 802.11's security architecture with new post quantum protocols. Please take a look. Comments welcome and please put this on the agenda deck for our 21 April 2025 teleconference.

regards,

Dan.

--
"the object of life is not to be on the side of the majority, but to escape finding oneself in the ranks of the insane." – Marcus Aurelius