Couple of comments/observations about capwap-threat-analysis-01:

There seem to be a couple of places where this document isn't completely in sync with the protocol/binding documents. In particular, the following two places:

Section 4.2, "The current CAPWAP binding for IEEE 802.11 only supports the use of IEEE 802.11i [80211I] security on the wireless link." The current version of the binding spec seems to support WEP, too.

Section 6.1: The text about "Local MAC", "Remote MAC", and "Split MAC" doesn't seem to match the other documents. E.g., there's no "Remote MAC" in the other documents, and the description of "Local MAC" doesn't quite match the description in the IEEE 802.11 binding.

The document would benefit from some discussion about authorization. Especially if WTPs/ACs have manufacturer-issued certificates installed in the factory, everyone can easily authenticate everyone else. And with the DHCP AC option, this could be "zero configuration" for WTPs -- except that this wouldn't be secure: the WTP (and AC) needs some configuration to know who is the *right* AC (who are the *right* WTPs).

Editorial nits:

Section 9.2: the section title includes "Rootkit installation": is this in the right place, or should it be in Section 9.3?

Best regards,
Pasi