
RE: review of draft-zorn-radius-pkmv1-04.txt

2009-08-15 22:06:02
Bernard Aboba [mailto://bernard_aboba(_at_)hotmail(_dot_)com] writes:

...

encapsulation using RFC 2548 MPPE-Key attributes... 
 
I was unclear about how this is supposed to work. Is the idea to apply 
the MPPE-Key encryption mechanism to the attribute specified 
in the draft, 

No.

or is the idea to actually use the MPPE-Key attributes 
themselves? 

Yes.

If the former, more detail should be provided. If the latter, 
is it necessary to define two attribute formats or would it be simpler to 
go with one? 

The PKM-AUTH-Key Attribute contains data that is to be delivered via 802.16
to the Subscriber Station (SS); the Key field in that attribute is encrypted
under the public key of the SS.  However, the BAS also needs to know the
key; that is what would be transferred (presumably and unfortunately) in the
MPPE-Send-Key Attribute.

If the RFC 2548 MPPE-Key attributes are used, is the format 
the same as that defined in RFC 2548 (just a wrapped key) or is the 
wrapping applied to a complex attribute? 

Just a copy of the contents of the Key field in the PKM-AUTH-Key Attribute.


a four octet Integer should be used instead of a two octet data type 
(which doesn't exist in RADIUS) 

As I recall, the security exemption didn't apply to creation of new RADIUS
data types, correct? 

It's a 2 octet string.

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf

  • RE: review of draft-zorn-radius-pkmv1-04.txt, Glen Zorn <=
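
The key wrapping that RFC 2548 defines for MS-MPPE-Send-Key, which the reply above says would carry a copy of the Key field, shown as an added example that is not part of the original message or of the draft. The shared secret, Request Authenticator and key bytes are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import os

def _md5_chain(data, secret, seed, decrypt):
    """XOR 16-octet blocks with b(i) = MD5(secret + previous ciphertext block)."""
    out, prev = b"", seed                      # seed = Request Authenticator + Salt
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        res = bytes(x ^ y for x, y in zip(block, pad))
        out += res
        prev = block if decrypt else res       # always chain on the ciphertext
    return out

def mppe_wrap(key, secret, authenticator, salt=None):
    """Return Salt + encrypted String as carried in MS-MPPE-Send-Key."""
    if len(authenticator) != 16 or not 0 < len(key) < 256:
        raise ValueError("bad authenticator or key length")
    if salt is None:
        r = os.urandom(2)
        salt = bytes([r[0] | 0x80, r[1]])      # leftmost bit of the Salt must be set
    if len(salt) != 2 or not salt[0] & 0x80:
        raise ValueError("salt must be 2 octets with the high bit set")
    plain = bytes([len(key)]) + key            # Key-Length octet, then the key
    plain += b"\x00" * (-len(plain) % 16)      # pad to a multiple of 16 octets
    return salt + _md5_chain(plain, secret, authenticator + salt, False)

def mppe_unwrap(blob, secret, authenticator):
    """Recover the key; raises ValueError on malformed input."""
    salt, ct = blob[:2], blob[2:]
    if len(salt) != 2 or not salt[0] & 0x80 or not ct or len(ct) % 16:
        raise ValueError("malformed Salt/String")
    plain = _md5_chain(ct, secret, authenticator + salt, True)
    klen = plain[0]
    if klen == 0 or klen > len(plain) - 1:
        raise ValueError("implausible Key-Length (wrong secret or corrupted data)")
    return plain[1:1 + klen]                   # no integrity check beyond Key-Length

if __name__ == "__main__":
    secret = b"constructed-shared-secret"      # constructed sample values
    req_auth = bytes(range(16))
    auth_key = bytes.fromhex("00112233445566778899aabbccddeeff01234567")
    blob = mppe_wrap(auth_key, secret, req_auth)
    assert mppe_unwrap(blob, secret, req_auth) == auth_key
    print(len(blob), blob.hex())
```

The wrapping itself carries no integrity check, so a wrong shared secret is only caught when the recovered Key-Length happens to be implausible.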