Re: [STDS-802-16-MOBILE] [security] Issue Resolution and Timeline

Thread Links	Date Links
Thread Prev	Thread Next	Thread Index	Date Prev	Date Next	Date Index

Actually not necessary.

PKMv2 may support PAK (Primary Authorization Key) and top level authorization association concept that will be used for authenticating MAC management messages before EAP method exchanged.

- JH SONG

----- Original Message -----

From: Ken Stanwood

To: STDS-802-16-MOBILE@LISTSERV.IEEE.ORG

Sent: Wednesday, June 02, 2004 10:26 AM

Subject: Re: [STDS-802-16-MOBILE] [security] Issue Resolution and Timeline

In particular, don't create a race condition. Those messages necessary to enter the system prior to key exchange cannot be encrypted.

Ken

From: owner-stds-802-16-mobile@LISTSERV.IEEE.ORG [mailto:owner-stds-802-16-mobile@LISTSERV.IEEE.ORG] On Behalf Of JunHyuk Song
Sent: Tuesday, June 01, 2004 6:02 PM
To: STDS-802-16-MOBILE@LISTSERV.IEEE.ORG
Subject: Re: [STDS-802-16-MOBILE] [security] Issue Resolution and Timeline

Hi Jeff,

My comment is inlined.

2. Confidentiality of MAC management messages - what is the specific reason we are considering it?

    - It can be computationally expensive for an SS.

    - Geographic privacy is anyway compromised by including SS-ID in RNG-REQ (and, incidentally, Service Level Prediction in RNG-RSP "compromises" information about network provisioning)

    - If disclosure of SSIds is really a concern, the SSIds could actually be left out from EAP-Identity, REG-REQ, and possibly other msgs

Agree, not all MAC management messages need to be encrypted. But confidentiality for certain types of MAC management messages such as PKM EAP is needed.

- Jeff

Jeff Mandin
Security Adhoc Chair

Thanks,

JH SONG