On Wed, Jul 12, 2006 at 09:50:15AM -0700, M. Vanderveen wrote: > Personally I'm somewhat disappointed that AES-EAX was chosen, even though > it's fame is that is simpler than CCM, which is what 802.11i proposes. Not > having participated in the discussions on algorithm selection, I am wondering > if anybody have given thought to what can be done to help the power and > memory-limited mobile, who now has to have *hardware* to please everybody: > the EAP for network access, SAP 4-way handshake for link-layer access, > MobileIP for mobility, VPN to sooothe operator concerns, etc, to name a few > possibilities. Not all of these must be done in hw, of course. What do the > implementors have to say about these?
It depends.. So far, I have only needed to implement AES-EAX because of EAP-PSK and now EAP-GPSK, i.e., I haven't needed it for anything else in IEEE 802.11/802.1X/EAP area. I did need to implement CCM for IEEE 802.11i. However, it is used only for data frame encryption/decryption (IEEE 802.11i uses AES key wrap algorithm, RFC 3394, in higher layer operations) and in many designs, it is not easily available for the EAP implementation. CCMP (AES-CCM) may be implemented in the hardware/ firmware/device driver and there may not be an interface for the EAP server/peer (usually, a user space application) to access the same implementation. Sure, it is possible to re-use the same code, but that may not be the most common solution. In addition, adding another mode of AES in software is not really taking that much space. In other words, I'm not too concerned from the view point of implementation size of EAX vs. CCM. However, I would have to admit that it would have been easier to implement EAP-PSK (and now GPSK) if CCM had been used instead of EAX since I first had to figure out what exactly EAX is doing whereas I was already familiar with CCM because of IEEE 802.11i background. -- Jouni Malinen PGP id EFC895FA _______________________________________________ Emu mailing list [email protected] https://www1.ietf.org/mailman/listinfo/emu
