Re: Last Call: draft-ietf-pana-framework-06

Russ,

First of all, thank you very much for your input.

[1] I checked the latest 802.11ma draft and I confirm that the
description in pana-framework draft stating that Class 1 data frames
can be received in any state is not applicable any more.  So the
description on Class 1 data frame should be removed from the
pana-framework draft.

[2] It is still not clear whether running PANA over IEEE 802.1X
Uncontrolled Port is prohibited in IEEE 802.11i specification even in
the latest 802.11ma draft.

In the PANA WG session today, Bob O'Hara indicated the following text
in 802.11i, clause 6.1.4:

  "The IEEE 802.1X Controlled/Uncontrolled Ports discard the MSDU if
  the Controlled Port is not enabled or if the MSDU does not represent
  an IEEE 802.1X frame."

On the other hand, 802.11i clause 5.4.2.2 describes as follows (I
checked the latest 802.11ma draft and the description remains the
same):

  "However, a given protocol may need to bypass the authorization
  function and make use of the IEEE 802.1X Uncontrolled Port."

According to the text, it is still possible to *interpret* this text
such that a given protocol like PANA is allowed to be exchanged over
802.1X Uncontrolled Port.

[Note that several days after the email discussion over the EAP
mailing list quoted below, I had a short conversation on this issue
with Jesse Walker during IEEE 802 interim meeting in January in order
to follow-up the email discussion and understand the input from Jesse
more.  As far as I understand, he seemed to agree on this possible
interpretation while he mentioned that there is no existing 802.11i
implementation that uses 802.1X Uncontrolled Port for non-802.1X frame
exchange, but I may be still misunderstanding something.  Also, for
the sake of completeness of the email discussion over the EAP mailing
list, the following email that I sent in response to msg03872 should
be quoted as well:
http://lists.frascone.com/pipermail/eap/msg03879.html.]

The pana-framework draft is written based on the possible
interpretation, not based on existing 802.11i implementation.  As far
as the pana-framework draft is consistent with 802.11i specification
in terms of clause 5.4.2.2, whether an 802.11i implementation runs
PANA over Uncontrolled Port to bootstrap PSK mode seems to be an
implementation or deployment issue.

If the intent of 802.11i specification is to prohibit any data frame
other than 802.1X frame exchanged over Uncontrolled Port without any
exception, I'd suggest removing the above text in clause 5.4.2.2 from
802.11i specification.

Best regards,
Yoshihiro Ohba


On Mon, Mar 20, 2006 at 08:17:22PM -0500, Russ Housley wrote:
> Yesterday I had a discussion with Bernard Aboba about PANA.  I think 
> that Bernard was talking to me because of my involvement in IEEE 
> 802.11i.  It appears to me the PANA WG has a major problem.
> 
> The PANA WG seems to have a fundamental misunderstanding about 
> 802.11i.  I believe that the people involved in the PANA WG have been 
> told about their misunderstanding by the editor of 802.11i (Jesse 
> Walker from Intel), and it seems that this input was ignored.
> As a result, the PANA specification will not work at all
> in wireless LANs that deploy 802.11i.
> 
> The PANA framework document states in Section 10.2.2:
> 
>    This model does not require any change in the current WPA and IEEE
>    802.11i specifications.
> 
> The PANA framework document also states in Section 10.2.2:
> 
>    The IEEE 802.11 specification [802.11] allows Class 1 data frames to
>    be received in any state.  Also, IEEE 802.11i [802.11i] optionally
>    allows higher-layer data traffic to be received and processed on the
>    IEEE 802.1X Uncontrolled Ports.  This feature allows processing IP-
>    based traffic (such as ARP, IPv6 neighbor discovery, DHCP, and PANA)
>    on IEEE 802.1X Uncontrolled Port prior to client authentication.
> 
> This is wrong on two points.  First, 802.11 ESS mode does not allow 
> data frames to be sent except in State 3.  I did not review the most 
> recent 802.11ma text, but I understand that this was recently 
> clarified in that document.  Also, 802.11i does not allow non-802.1X 
> traffic to be received or sent until completion of 802.1X 
> authentication and the 802.11i 4-way handshake.
> 
> This problem was discussed on the EAP WG in the following exchange 
> with Jesse Walker back in January:
> 
>    http://lists.frascone.com/pipermail/eap/msg03867.html
>    http://lists.frascone.com/pipermail/eap/msg03868.html
>    http://lists.frascone.com/pipermail/eap/msg03869.html
>    http://lists.frascone.com/pipermail/eap/msg03872.html
> 
> Given this situation, an Access Point that implements 802.11i will 
> silently discard all PANA traffic, and as a result, the PANA usage 
> scenarios for 802.11i (either TKIP or CCMP, which are called WPA and WPA2
> by the WiFi Alliance) cannot work as described.
> 
> Russ
> 
> 
> _______________________________________________
> Ietf mailing list
> Ietf@xxxxxxxx
> https://www1.ietf.org/mailman/listinfo/ietf
> 
