
Last Call: draft-ietf-pana-framework-06

2006-03-20 18:18:25
Yesterday I had a discussion with Bernard Aboba about PANA. I think that Bernard was talking to me because of my involvement in IEEE 802.11i. It appears to me the PANA WG has a major problem.

The PANA WG seems to have a fundamental misunderstanding about 802.11i. I believe that the people involved in the PANA WG have been told about their misunderstanding by the editor of 802.11i (Jesse Walker from Intel), and it seems that this input was ignored. As a result, the PANA specification will not work at all in wireless LANs that deploy 802.11i.

The PANA framework document states in Section 10.2.2:

   This model does not require any change in the current WPA and IEEE
   802.11i specifications.

The PANA framework document also states in Section 10.2.2:

   The IEEE 802.11 specification [802.11] allows Class 1 data frames to
   be received in any state.  Also, IEEE 802.11i [802.11i] optionally
   allows higher-layer data traffic to be received and processed on the
   IEEE 802.1X Uncontrolled Ports.  This feature allows processing IP-
   based traffic (such as ARP, IPv6 neighbor discovery, DHCP, and PANA)
   on IEEE 802.1X Uncontrolled Port prior to client authentication.

This is wrong on two points. First, 802.11 ESS mode does not allow data frames to be sent except in State 3. I did not review the most recent 802.11ma text, but I understand that this was recently clarified in that document. Also, 802.11i does not allow non-802.1X traffic to be received or sent until completion of 802.1X authentication and the 802.11i 4-way handshake.

This problem was discussed on the EAP WG in the following exchange with Jesse Walker back in January:

   http://lists.frascone.com/pipermail/eap/msg03867.html
   http://lists.frascone.com/pipermail/eap/msg03868.html
   http://lists.frascone.com/pipermail/eap/msg03869.html
   http://lists.frascone.com/pipermail/eap/msg03872.html

Given this situation, an Access Point that implements 802.11i will silently discard all PANA traffic, and as a result, the PANA usage scenarios with 802.11i (either TKIP or CCMP, which are called WPA and WPA2 by the WiFi Alliance) cannot work as described.

Russ
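
Added example, not part of the original message: a simplified Python model of the two gates the message describes (ESS data frames only in State 3, and only 802.1X traffic until 802.1X authentication and the 4-way handshake complete). The `Station` class, the frame layout (EtherType followed by the body) and the sample frames are constructed for illustration; the PANA UDP port 716 is an assumption taken from the later IANA assignment.

```python
import struct

ETH_IPV4, ETH_ARP, ETH_EAPOL = 0x0800, 0x0806, 0x888E
PANA_UDP_PORT = 716  # assumption: IANA port later assigned to PANA (RFC 5191)

class Station:
    """What the AP tracks per station (simplified, hypothetical model)."""
    def __init__(self):
        self.dot11_state = 1          # 1 = unauthenticated, 2 = authenticated, 3 = associated
        self.port_authorized = False  # set after 802.1X auth and the 4-way handshake

def classify(payload: bytes) -> str:
    """Label a payload laid out as 2-byte EtherType followed by the body."""
    if len(payload) < 2:
        return "other"
    ethertype = struct.unpack("!H", payload[:2])[0]
    if ethertype == ETH_EAPOL:
        return "eapol"
    if ethertype == ETH_ARP:
        return "arp"
    if ethertype != ETH_IPV4:
        return "other"
    ip = payload[2:]
    ihl = (ip[0] & 0x0F) * 4 if ip else 0
    if ihl >= 20 and len(ip) >= ihl + 4 and ip[9] == 17:  # protocol 17 = UDP
        dport = struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]
        if dport == PANA_UDP_PORT:
            return "pana"
        if dport in (67, 68):
            return "dhcp"
    return "ipv4"

def ap_accepts(sta: Station, payload: bytes) -> bool:
    """Apply the two gates described in the message above."""
    if sta.dot11_state != 3:
        return False                  # ESS data frames require State 3
    if classify(payload) == "eapol":
        return True                   # only 802.1X traffic passes before the port opens
    return sta.port_authorized        # everything else waits for the 4-way handshake

def eapol_frame() -> bytes:
    """Constructed sample: EAPOL-Start (version 2, type 1, length 0)."""
    return struct.pack("!HBBH", ETH_EAPOL, 2, 1, 0)

def udp_frame(dport: int) -> bytes:
    """Constructed sample: minimal IPv4 + UDP header to the given port."""
    ip = bytes([0x45, 0]) + struct.pack("!H", 28) + bytes(4) + bytes([64, 17]) + bytes(10)
    return struct.pack("!H", ETH_IPV4) + ip + struct.pack("!HHHH", 49152, dport, 8, 0)
```

With a station in State 3 whose port is not yet authorized, `ap_accepts` passes the EAPOL frame and drops the PANA and DHCP frames, which is the silent discard the message refers to.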

