Thread Links			Date Links
Thread Prev	Thread Next	Thread Index	Date Prev	Date Next	Date Index

Re: [STDS-802-16-MOBILE] [security] Pre-authentication discussio n (resend)

To: STDS-802-16-MOBILE@LISTSERV.IEEE.ORG
Subject: Re: [STDS-802-16-MOBILE] [security] Pre-authentication discussio n (resend)
From: Vladimir Yanover <vladimir.yanover@ALVARION.COM>
Date: Wed, 9 Jun 2004 21:09:48 +0300
Reply-To: Vladimir Yanover <vladimir.yanover@ALVARION.COM>
Sender: owner-stds-802-16-mobile@LISTSERV.IEEE.ORG

Doesn't 802.16e already contain idea of coexisting of two mechanisms
[Pre-authentication as a part of "association" and backbone transfer of
context] ?

-----Original Message-----
From: Jeff Mandin
To: STDS-802-16-MOBILE@LISTSERV.IEEE.ORG
Sent: 6/7/2004 8:40 PM
Subject: [STDS-802-16-MOBILE] [security]  Pre-authentication discussion
(resend)

 From the discussion about post-handoff authentication, there seems to
be consensus in the adhoc for Jung-won's idea that two mechanisms will
co-exist:

    1)  Pre-authentication
    2) Backbone Transfer of Derived Context (suitably secured obviously)

I'd like to hear adhoc-ers' views on how generally to support
pre-authentication in PKMv2.

The mechanism we choose for supporting pre-authentication has
potentially significant implications.  The requirements for pre-auth
support would be:

     1. Well-understood  behaviour

     2. Facilitate pre-auth to a BS on the same provider or a different
provider.

     3. Enable establishment of the shared-secret Pairwise Master Key
and determination of success/failure of the authentication

     4. Do not preclude pre-auth to different media (via 802.21 or
what-have-you).  Similarly, do not preclude pre-auth to an unadvertised
neighbor.

802.1X authentication satisfies all of these. The caveat is that for the
moment 802.1X can only be used within a single IP subnet; but extending
it to work over IP has been discussed a lot and seems trivial.

- Jeff Mandin
Security Adhoc Chair

This mail passed through mail.alvarion.com

************************************************************************
************
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals &
computer viruses.
************************************************************************
************
This mail was sent via mail.alvarion.com

************************************************************************************
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
************************************************************************************

Follow-Ups:
- Re: [STDS-802-16-MOBILE] [security] Pre-authentication discussio n (resend)
  - From: Jeff Mandin <jmandin@STREETWAVES-NETWORKS.COM>

Prev by Date: Re: [STDS-802-16-MOBILE] [Handoff] Servie Requirement related with HO
Next by Date: Re: [STDS-802-16-MOBILE] [Handoff] Some additional thoughts on Ha ndover process
Prev by thread: [STDS-802-16-MOBILE] [Handoff] Note from Brian
Next by thread: Re: [STDS-802-16-MOBILE] [security] Pre-authentication discussio n (resend)
Index(es):
- Date
- Thread