
Last call comments for capwap-threat-analysis-01

2008-07-29 08:56:42

A couple of comments/observations about capwap-threat-analysis-01:

There seem to be a couple of places where this document isn't
completely in sync with the protocol/binding documents.
In particular, the following two places:

Section 4.2, "The current CAPWAP binding for IEEE 802.11 only
supports the use of IEEE 802.11i [80211I] security on the 
wireless link." The current version of the binding spec seems
to support WEP, too.

Section 6.1: The text about "Local MAC", "Remote MAC", and "Split MAC"
doesn't seem to match the other documents. E.g., there's no "Remote MAC"
in the other documents, and the description of "Local MAC" doesn't quite
match the description in the IEEE 802.11 binding.

The document would benefit from some discussion about authorization.
Especially if WTPs/ACs have manufacturer-issued certificates installed
in the factory, everyone can easily authenticate everyone else. And with
the DHCP AC option, this could be "zero configuration" for WTPs -- except
that this wouldn't be secure: the WTP (and AC) needs some configuration
to know who is the *right* AC (who are the *right* WTPs).

Editorial nits:

Section 9.2: the section title includes "Rootkit installation": is
this in the right place, or should it be in Section 9.3?

Best regards,
Pasi
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf

  • Last call comments for capwap-threat-analysis-01, Pasi.Eronen <=