
Re: Last call comments:draft-williams-on-channel-binding-01.txt: EAP chann

2007-04-09 06:20:38
This is something that IEEE 802.11r/D5.0 is doing. R0KH-ID is set to the
identity of the NAS Client (e.g., NAS-Identifier if RADIUS is used as
the backend protocol) and this identifier is sent to the peer during
association (before EAP authentication). In addition, both the R0KH-ID
(NAS-Identifier) and R1KH-ID (authenticator MAC address) are mixed
into the key derivation after the EAP authentication.

I would also add that IEEE 802.11r binds the R1KH-ID and the AP BSSID/MAC address during the post-EAP handshake. IEEE 802.11r also advertises the set of authenticators within which fast handoff is possible via the Mobility Domain IE. Currently there is no equivalent AAA attribute to carry that, but once there is (it has been discussed in RADEXT WG), it will also be possible to verify this parameter within EAP Channel Bindings.



_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
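
An added illustration (not part of the original message and not text from IEEE 802.11r): a simplified Python model of why mixing the R0KH-ID and R1KH-ID into the post-EAP key derivation binds the resulting key to those identifiers. The KDF layout, labels, function names and all sample values are assumptions constructed for this example.

```python
import hashlib
import hmac

def kdf(key: bytes, label: bytes, context: bytes, bits: int = 256) -> bytes:
    """Counter-mode HMAC-SHA256 KDF (layout assumed for this example)."""
    out, i = b"", 1
    while len(out) * 8 < bits:
        msg = i.to_bytes(2, "little") + label + context + bits.to_bytes(2, "little")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        i += 1
    return out[: bits // 8]

def lv(value: bytes) -> bytes:
    """Length-prefix a variable-length field so field boundaries are unambiguous."""
    return bytes([len(value)]) + value

def derive_pmk_r1(eap_key, ssid, mdid, r0kh_id, r1kh_id, sta_mac) -> bytes:
    """Two-level derivation: R0KH-ID enters the first key, R1KH-ID the second."""
    pmk_r0 = kdf(eap_key, b"FT-R0", lv(ssid) + mdid + lv(r0kh_id) + sta_mac)
    return kdf(pmk_r0, b"FT-R1", r1kh_id + sta_mac)

def views_agree(peer: dict, network: dict, eap_key: bytes) -> bool:
    """True only if both sides fed identical identifiers into the derivation."""
    return hmac.compare_digest(derive_pmk_r1(eap_key, **peer),
                               derive_pmk_r1(eap_key, **network))

# Constructed sample values (not from any real network).
EAP_KEY = bytes(range(32))  # stands in for the key exported by EAP
PEER_VIEW = dict(
    ssid=b"example-ssid",
    mdid=bytes.fromhex("1234"),             # mobility domain identifier
    r0kh_id=b"nas-a.example",               # identity sent to the peer at association
    r1kh_id=bytes.fromhex("020000000001"),  # authenticator MAC address
    sta_mac=bytes.fromhex("020000000099"),
)
HONEST = dict(PEER_VIEW)
# The network side derives with a NAS-Identifier other than the one shown to the peer.
WRONG_R0KH = dict(PEER_VIEW, r0kh_id=b"nas-b.example")
# The key is used by an authenticator with a different MAC address.
WRONG_R1KH = dict(PEER_VIEW, r1kh_id=bytes.fromhex("020000000002"))

if __name__ == "__main__":
    for name, view in [("honest", HONEST), ("wrong R0KH-ID", WRONG_R0KH),
                       ("wrong R1KH-ID", WRONG_R1KH)]:
        print(f"{name}: keys match = {views_agree(PEER_VIEW, view, EAP_KEY)}")
```

A mismatch in either identifier yields a different key on the two sides, so the subsequent handshake cannot complete with an authenticator whose identity differs from what the peer was told.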
