Glen Zorn wrote:
> Is there an RFC that says this somewhere? 

  RFC 3580, Section 3.20


> 802.11-2007 doesn't mention
> Called-Station-ID; 802.1X-2004 says this:
> 
> D.3.20 Called-Station-Id
> For IEEE 802.1X Authenticators, this attribute is used to store the Bridge
> or Access Point MAC address, represented as an ASCII character string in
> Canonical format (see IEEE Std 802). For example, "00-10-A4-23-19-C0."
> For 802.11 Access Points, the IEEE 802.11 SSID should be appended to the
> Access Point MAC address, separated from the MAC address with a ":". For
> example, "00-10-A4-23-19-C0:AP1".
> 
> Note the use of "should".  In addition, there is no guarantee at all that
> SSIDs are globally unique.
> 
>> So
>> the home server can verify that SSID against the channel bindings.
> 
> Assuming that the SSID is actually in the Called-Station-ID Attribute (see
> above) and that the NAS didn't just lie in the RADIUS message, too (given
> that there is no way to detect such a lie in a >1 hop AAA scenario) and that
> there is no collusion between X & Z.  We seem to be assuming a _lot_ of
> honesty from our thieves.
> 
> ...
> 
> 
> 

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
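
The following is an added example, not part of either message: a parser for the Called-Station-Id format quoted above, with a check that reports "unverifiable" when the SSID is absent, since the text only says it "should" be appended. The function names and the three result strings are assumptions made for illustration; the 32-octet SSID limit comes from IEEE 802.11.

```python
import re
from typing import NamedTuple, Optional

# MAC in the hyphen-separated form shown in the quoted text, e.g. 00-10-A4-23-19-C0
_MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5}$")

class CalledStation(NamedTuple):
    mac: str
    ssid: Optional[str]  # None when the NAS did not append an SSID

def parse_called_station_id(value: str) -> CalledStation:
    """Split 'MAC' or 'MAC:SSID'. The MAC is fixed-width (17 chars), so the
    SSID is everything after the first ':' and may itself contain ':'."""
    mac, sep, ssid = value[:17], value[17:18], value[18:]
    if not _MAC_RE.match(mac):
        raise ValueError("MAC address is not in canonical hyphenated form")
    if sep == "":
        return CalledStation(mac.upper(), None)
    if sep != ":" or not ssid:
        raise ValueError("expected ':' and a non-empty SSID after the MAC")
    if len(ssid.encode("utf-8")) > 32:  # 802.11 SSIDs are at most 32 octets
        raise ValueError("SSID longer than 32 octets")
    return CalledStation(mac.upper(), ssid)

def check_ssid(called_station_id: str, expected_ssid: str) -> str:
    """Return 'match', 'mismatch' or 'unverifiable' (SSID absent or malformed).
    'match' only means the NAS's claim agrees with the expected value; it
    does not show that the claim is true."""
    try:
        parsed = parse_called_station_id(called_station_id)
    except ValueError:
        return "unverifiable"
    if parsed.ssid is None:
        return "unverifiable"
    return "match" if parsed.ssid == expected_ssid else "mismatch"

if __name__ == "__main__":
    # Constructed sample values, based on the example in the quoted text.
    for sample in ("00-10-A4-23-19-C0:AP1", "00-10-A4-23-19-C0",
                   "00-10-A4-23-19-C0:AP2", "00:10:A4:23:19:C0:AP1"):
        print(sample, "->", check_ssid(sample, "AP1"))
```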
