Bernard Aboba [mailto://bernard_aboba@xxxxxxxxxxx] writes:

...
> > encapsulation using RFC 2548 MPPE-Key attributes...
>
> I was unclear about how this is supposed to work. Is the idea to apply
> the MPPE-Key encryption mechanism to the attribute specified
> in the draft,

No.

> or is the idea to actually use the MPPE-Key attributes
> themselves?

Yes.

> If the former, more detail should be provided. If the latter,
> is it necessary to define two attribute formats or would it be simpler to
> go with one?

The PKM-AUTH-Key Attribute contains data that is to be delivered via 802.16 to the Subscriber Station (SS); the Key field in that attribute is encrypted under the public key of the SS. However, the BAS also needs to know the key; that is what would be transferred (presumably and unfortunately) in the MPPE-Send-Key Attribute.

> If the RFC 2548 MPPE-Key attributes are used, is the format
> the same as that defined in RFC 2548 (just a wrapped key) or is the wrapping
> applied to a complex attribute?

Just a copy of the contents of the Key field in the PKM-AUTH-Key Attribute.

> > > a four octet Integer should be used instead of a two octet data type
> > > (which doesn't exist in RADIUS)
>
> As I recall, the security exemption didn't apply to creation of new RADIUS
> data types, correct?

It's a 2 octet string.
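The "just a wrapped key" format referred to above is the salt-encrypted Key-Length/Key/Padding string of RFC 2548 section 2.4.2. The following is an added example, not part of the original message or of the draft under discussion; the function names and all sample values (secret, authenticator, 20-octet key) are constructed assumptions.

```python
import hashlib
import os


def _md5(*parts: bytes) -> bytes:
    return hashlib.md5(b"".join(parts)).digest()


def mppe_wrap(key: bytes, secret: bytes, request_auth: bytes, salt: bytes = None) -> bytes:
    """Return Salt + String as carried in an RFC 2548 MS-MPPE-Send-Key attribute."""
    if len(key) > 255 or len(request_auth) != 16:
        raise ValueError("key too long or Request Authenticator not 16 octets")
    if salt is None:
        r = os.urandom(2)
        salt = bytes([r[0] | 0x80, r[1]])      # leftmost bit of Salt MUST be set
    if len(salt) != 2 or not salt[0] & 0x80:
        raise ValueError("Salt must be 2 octets with the most significant bit set")
    plain = bytes([len(key)]) + key            # Key-Length + Key
    plain += b"\x00" * (-len(plain) % 16)      # pad to a multiple of 16 octets
    out, prev = b"", request_auth + salt       # b(1) = MD5(S + R + A)
    for i in range(0, len(plain), 16):
        b = _md5(secret, prev)
        prev = bytes(x ^ y for x, y in zip(plain[i:i + 16], b))  # c(i) = p(i) xor b(i)
        out += prev                            # next round uses b(i+1) = MD5(S + c(i))
    return salt + out


def mppe_unwrap(value: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Recover the key on the receiving side (the BAS in the thread above)."""
    if len(value) < 18 or (len(value) - 2) % 16 or not value[0] & 0x80:
        raise ValueError("malformed Salt/String")
    salt, cipher = value[:2], value[2:]
    plain, prev = b"", request_auth + salt
    for i in range(0, len(cipher), 16):
        block = cipher[i:i + 16]
        plain += bytes(x ^ y for x, y in zip(block, _md5(secret, prev)))
        prev = block
    key_len = plain[0]
    # The wrapping has no integrity check; an impossible length is the only local hint
    # that the shared secret or Request Authenticator did not match.
    if key_len > len(plain) - 1:
        raise ValueError("bad Key-Length (wrong secret or authenticator?)")
    return plain[1:1 + key_len]
```
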