Re: [STDS-802-16] [STDS-802-16-MOBILE] [security] PKM-EAP Pair Mismatch
Donnie,
Is the location of the authenticator always going to be in the base?
Possibly not if we ever extend security to cover mesh modes.
Either way, I suspect that if we just reduced the PKM-EAP packet to
being a single message that can be sent in either direction, then it
would address all objections (layer violations and direction mapping)
and work with whatever EAP scenario hits us in the future. Do you agree
Jeff?
DJ
-----Original Message-----
From: owner-stds-802-16@listserv.ieee.org
[mailto:owner-stds-802-16@listserv.ieee.org] On Behalf Of galahad
Sent: Tuesday, July 20, 2004 6:48 PM
To: STDS-802-16@listserv.ieee.org
Subject: Re: [STDS-802-16] [STDS-802-16-MOBILE] [security] PKM-EAP Pair
Mismatch
Hi, Jeff!
Had a plesant trip back to your home? I'm still suffering from a little
jet lag.
Couple of days I thought of just deleting entire PKM bi-directional text
from my contribution and resubmit just the one EAP-Transfer text
portion.
But last night, one question poped into my mind. I remember you objected
my contribution because you insisted that EAP-Request may come from MSS
side.
But as I explained during presentation session at Portland, RFC 2284(see
below excerpted text) clearly specifies that EAP-Request is sent by the
AUTHENTICATOR to the peer. Not by MSS to BS. And still changing PKM to
be bi-directional does not harm anything to the standard and does not
incur backward compatibility problem.
So please re-consider my contribution again and reply me. RSVP
My best regards,
*********************************************************
4.1 Request and Response
Description
The Request packet (Code field set to 1) is sent by the
authenticator to the peer. Each Request has a Type field which
serves to indicate what is being requested. Additional Request
packets MUST be sent until a valid Response packet is received, or
an optional retry counter expires.
----- Original Message -----
From: "galahad" <galahad@netsgo.com>
To: <jmandin@warpmail.net>
Sent: Wednesday, July 14, 2004 8:26 AM
Subject: Re: [STDS-802-16-MOBILE] [security] PKM-EAP Pair Mismatch
> Maybe you're right that this is NOT a problem from the perspective of
> MAC design. But if a person who is new to IEEE 802.16e standard have a
> look at it, he might be uncomfortable with that. Because of that pair
> mismatch. I mean we can make it more elaborate than before, but why
> stay with current one which is not pretty and awkward.
>
> And I don't see any reason of my solution introduces inconsistencies
between
> EAP-transfer and the other PKM messages. Could you explain this in
> more detail, pls?
>
> ----- Original Message -----
> From: <jmandin@warpmail.net>
> To: "galahad" <galahad@netsgo.com>
> Sent: Wednesday, July 14, 2004 7:43 AM
> Subject: Re: [STDS-802-16-MOBILE] [security] PKM-EAP Pair Mismatch
>
>
> > Donnie,
> >
> > Essentially: Messages from the SS to the BS are contained in
> > PKM-Requests; messages in the other direction are contained in
> > PKM-Responses. The fact that the message inside a Response happens
> > to be called an EAP-Request is not interesting as far as the
> > correctness of our MAC design is concerned.
> >
> > EAP-Transfer-Request means "upstream direction EAP transfer", and
> > doesn't relate to the content of the EAP message.
> >
> > So the problem isn't really a problem; and the solution introduces
> > inconsistencies between EAP-transfer and the other PKM messages.
> >
> > One clarification that occurs to me is the PKMId field for
> > EAP-transfer messages should really be 0, as there is no such thing
> > as correlation of requests and responses (since it's all
transparent).
> >
> > If you'd like to talk about it, then please feel free.
> >
> > BR,
> >
> > - Jeff
> >
> > On Wed, 14 Jul 2004 06:54:48 +0900, "galahad" <galahad@netsgo.com>
said:
> > > About "C80216e-04_049r6 Bi-directional PKM messages for EAP
> > > messages", could you reiterate what was the reason of rejection?
> > >
> > > Do you want to leave current text as it is or want some
> > > modification
> > > to my contribution?
> > >
> > >
> > > I'd appreciate your reply.
> > >
> > > Best regards,
> > >
> > > ==================================
> > > Donnie Dongkie Lee
> > > Seorindong 99, JongRoGu
> > > Seoul, Korea
> > > SK Telecom
> > > Phone: +82-2-6323-3147
> > > Mobile: +82-11-758-4359
> > > E-Mail: galahad@nate.com
> > > galahad@netsgo.com
> > > ============================
> > --
> >
> > jmandin@warpmail.net
> >
> >
> >
> >
>