
Re: [STDS-802-16-MOBILE] [security] Issue Resolution and Timeline



Actually not necessary.
PKMv2 may support PAK (Primary Authorization Key) and a top-level authorization association concept that will be used for authenticating MAC management messages before the EAP method is exchanged.
 
 
- JH SONG
----- Original Message -----
Sent: Wednesday, June 02, 2004 10:26 AM
Subject: Re: [STDS-802-16-MOBILE] [security] Issue Resolution and Timeline

In particular, don't create a race condition.  Those messages necessary to enter the system prior to key exchange cannot be encrypted.
 
Ken


From: owner-stds-802-16-mobile@LISTSERV.IEEE.ORG [mailto:owner-stds-802-16-mobile@LISTSERV.IEEE.ORG] On Behalf Of JunHyuk Song
Sent: Tuesday, June 01, 2004 6:02 PM
To: STDS-802-16-MOBILE@LISTSERV.IEEE.ORG
Subject: Re: [STDS-802-16-MOBILE] [security] Issue Resolution and Timeline

Hi Jeff,
 
My comment is inlined.

2.  Confidentiality of MAC management messages - what is the specific reason we are considering it?

    - It can be computationally expensive for an SS.

    - Geographic privacy is anyway compromised by including SS-ID in RNG-REQ (and, incidentally, Service Level Prediction in RNG-RSP "compromises" information about network provisioning)

    - If disclosure of SSIds is really a concern, the SSIds could actually be left out from EAP-Identity, REG-REQ, and possibly other msgs

Agree, not all MAC management messages need to be encrypted.  But confidentiality for certain types of MAC management messages such as PKM EAP is needed.
 

- Jeff

Jeff Mandin
Security Adhoc Chair
 
Thanks,
JH SONG