Thread Links			Date Links
Thread Prev	Thread Next	Thread Index	Date Prev	Date Next	Date Index

RE: [LinkSec] FW: [802-11Technical] <TGi> 802.1X Controlled Port

To: Mike.Moreton@synad.com, paul.congdon@hp.com, stds-802-linksec@ieee.org, stds-802-1@ieee.org, stds-802-11@ieee.org
Subject: RE: [LinkSec] FW: [802-11Technical] <TGi> 802.1X Controlled Port
From: "Bernard Aboba" <bernard_aboba@hotmail.com>
Date: Tue, 10 Jun 2003 06:36:46 -0700
Sender: owner-stds-802-linksec@majordomo.ieee.org


>I believe the reason for running two four way handshakes is to generate
>two (different) key encryption keys (and associated key MIC keys) to be
>used for encrypting the two different group keys.
>
>It sounds to me like one of those things that would probably be done
>differently, if the whole system was to be redesigned from scratch based
>on the group's current understanding.  However, given that WPA is
>already shipping, I can't see anyone suggesting it in the current
>group's lifetime.

I'm not suggesting that it be changed.  However, I *am* suggesting that the 
reasons behind this be clearly explained in the document.  While this is a 
choice made by IEEE 802.11i, it is not intrinsic to EAP, or IEEE 802.1X -- 
and therefore other applications of IEEE 802.1X (such as LINKSEC) are free 
to make different choices.

As it stands, we'll probably need to include an explanation in another 
document -- so as to dispell the misconception that two bi-directional 
authentications are intriniscally required by EAP or IEEE 802.1X.

_________________________________________________________________
The new MSN 8: advanced junk mail protection and 2 months FREE*  
http://join.msn.com/?page=features/junkmail

Prev by Date: [LinkSec] Re: [802.1] Fwd: Re: IESG question on Ethernet related to-be-RFC
Next by Date: [LinkSec] Fwd: Re: IESG question on Ethernet related to-be-RFC
Prev by thread: RE: [LinkSec] FW: [802-11Technical] <TGi> 802.1X Controlled Port
Next by thread: [LinkSec] Link sec - EPON view
Index(es):
- Date
- Thread