Thread Links Date Links
Thread Prev Thread Next Thread Index Date Prev Date Next Date Index

Re: [STDS-802-16-MOBILE] [security] Summary of issues and requirements for PKMv2



Title: :::::HanaFOS.com:::::
Lsc,

 

Comment inlined,

 

>And, I have a question about Protection of all EAP messages. Tunneled authentication protocols in EAP-methods, >such as PEAP, EAP-TTLs, EAP-FAST, set up TLS and transmit encrypted EAP messages. Are there needs to provide >protection for TLS Encrypted EAP messages? I think that efficiency should be considered.

 

Yes.  

Link layer protected  EAP messages could be easily supported than TLS Tunneled EAP, since EAP message itself is one of the MAC management messages that need to be protected.   Tunnelled EAP method, it does protect inner EAP methods based on assumption that SS has knowledge of chain of Trusted CA information that vouch the server.  Hovever use of TLS Tunnelled EAP is often not desirable due to messages overhead of TLS handshake protocol, processing overhead and vulnerablity of Man in the middle Attack , therefore other EAP method such as EAP-AKA is pferferred.  By the way, EAP emthod type is outside scope of 802.16e, and PKMv2 should be generic enough to support all EAP methods.

 

 

- JH SONG

 

 

 

 

 

 

 

Best Regards

 

 

--------------------------------------------
Seong Choon Lee, Ph.D.
Director
Wireless Portable Internet Division
Service Development Laboratory
KT

 

17, Woomyeon-dong, Seocho-gu,
Seoul, 137-792, Korea
Tel. +82-2-526-6153 (Æò»ý¹øÈ£: 050-2600-0328)
Mobile: +82-16-9345-6445
Fax. +82-2-526-5200
E-mail:
lsc@kt.co.kr


 
HanaFOS.com