>And, I have a question about
Protection of all EAP messages. Tunneled authentication protocols in
EAP-methods, >such as PEAP, EAP-TTLs, EAP-FAST, set up TLS and transmit
encrypted EAP messages. Are there needs to provide >protection for TLS
Encrypted EAP messages? I think that efficiency should be
considered.
Yes.
Link layer
protected EAP messages could be
easily supported than TLS Tunneled EAP, since EAP message
itself is one of the MAC management messages that need to be
protected. Tunnelled EAP
method, it does protect inner EAP methods based on assumption
that SS has knowledge of chain of Trusted CA information that
vouch the server. Hovever use of TLS Tunnelled EAP is often not
desirable due to messages overhead of TLS
handshake protocol, processing overhead and vulnerablity
of Man in the middle Attack , therefore other EAP
method such as EAP-AKA is pferferred. By the way, EAP
emthod type is outside scope of 802.16e, and PKMv2 should be generic
enough to support all EAP methods.
- JH SONG
Best Regards
--------------------------------------------
Seong Choon Lee,
Ph.D.
Director
Wireless Portable Internet
Division
Service Development
Laboratory
KT
17, Woomyeon-dong,
Seocho-gu,
Seoul, 137-792,
Korea
Tel. +82-2-526-6153 (Æò»ý¹øÈ£:
050-2600-0328)
Mobile:
+82-16-9345-6445
Fax.
+82-2-526-5200
E-mail: lsc@kt.co.kr