1 / 14

Proposed solutions to comments on section 7

Proposed solutions to comments on section 7. Minor comments. Doc 294 Minor comments and resolutions Bad use of “shall” Incorrect cut and paste Not always saying only use ESN functionality if ESN capable Define ID numbers Better diagrams Not clear encrypting only data frames

fordon
Download Presentation

Proposed solutions to comments on section 7

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Proposed solutions to comments on section 7

  2. Minor comments • Doc 294 • Minor comments and resolutions • Bad use of “shall” • Incorrect cut and paste • Not always saying only use ESN functionality if ESN capable • Define ID numbers • Better diagrams • Not clear encrypting only data frames • Description of usage of elements should be in section 5 not 7 • NULL security to 0.0.0.0 and move rest down • We do not mandate all ESN – make recommended not mandatory

  3. Major comments • Unspecified authentication • Kerberos Optimization • Which elements are in which messages • How Multicast Ciphers are negotiated • ESN without ULA

  4. Unspecified authentication • Use of unspecified authentication to allow 802.1X to decide • WG discussed this before and there were deployments that it was useful for – reject

  5. Kerberos optimization • Information elements are optional, all authentication methods must run without the information elements. • The elements defined are optimized for Kerberos

  6. Beacon • Client may optimize if supplied but if not can find out either via probe or associate/re-associate • ASE optional • UCSE optional • MCSE optional • Realm Name optional • Principal Name optional

  7. Probe Request • Client asks for what it wants to optimize, a STA that is not ESN capable does not supply the elements in the response • 802.11d Request Element containing • ASE, UCSE, MCSE, Realm Name or Principal Name element IDs

  8. Probe Response • If ESN capable must supply whatever elements were asked for in Probe Req Request Element • ASE optional • UCSE optional • MCSE optional • Realm Name optional • Principle Name optional

  9. Associate Request • ASE optional • Left to other STA if not supplied • UCSE optional • Left to other STA if not supplied • MCSE optional • Left to other STA if not supplied • Nonce optional • Authentication methods must be able to handle not having them, but optimize the auth protocol

  10. Associate Response • ASE optional • Must be supplied if defaults not correct and must be within request scope • UCSE optional • Must be supplied if defaults not correct and must be within request scope • MCSE optional • Must be supplied if defaults not correct and must be within request scope • Realm Name optional • Authentication methods must be able to handle not having them, but can be used to optimize the auth protocol • Principle Name optional • Authentication methods must be able to handle not having them, but can be used to optimize the auth protocol • Nonce optional • Authentication methods must be able to handle not having them, but can be used to optimize the auth protocol

  11. Re-associate Request • ASE optional • Left to other STA if not supplied • UCSE optional • Left to other STA if not supplied • MCSE optional • Left to other STA if not supplied

  12. Re-associate Response • ASE optional • Must be supplied if not defaults not correct and must be within request scope • UCSE optional • Must be supplied if not defaults not correct and must be within request scope • MCSE optional • Must be supplied if not defaults not correct and must be within request scope • Realm Name optional • Authentication methods must be able to handle not having them, but optimize the auth protocol • Principle Name optional • Authentication methods must be able to handle not having them, but optimize the auth protocol

  13. UCSE/MCSE • Each STA/STA pair can negotiate a different UCS • The AP decides the MCS and forces all STAs to it (may be based on the first STA) • If MCSE is not specified in response defaults to AES not to UCSE

  14. ESN without ULA • Should AES without ULA is allowed in ESN? • E.g. For IBSS • No allowed, need to support ULA within IBSS

More Related