(sigh, hit send too soon)

Glen Zorn wrote:
> Is there an RFC that says this somewhere?

  RFC 3580.

   3.20.  Called-Station-Id

   For IEEE 802.1X Authenticators, this attribute is used to store the
   bridge or Access Point MAC address in ASCII format (upper case only),
   with octet values separated by a "-".  Example: "00-10-A4-23-19-C0".
   In IEEE 802.11, where the SSID is known, it SHOULD be appended to the
   Access Point MAC address, separated from the MAC address with a ":".
   Example "00-10-A4-23-19-C0:AP1".

> 802.11-2007 doesn't mention
> Called-Station-ID; 802.1X-2004 says this:

  Taken from 3580.

> Note the use of "should".

  Which is a common practice.

> In addition, there is no guarantee at all that
> SSIDs are globally unique.

  Agreed.  However, SSIDs are *likely* to be unique within a roaming
consortium.  This is because the parties talk to each other, and can
complain when the SSIDs are unknown, or re-used.

> Assuming that the SSID is actually in the Called-Station-ID Attribute (see
> above) and that the NAS didn't just lie in the RADIUS message, too (given
> that there is no way to detect such a lie in a >1 hop AAA scenario) and that
> there is no collusion between X & Z.  We seem to be assuming a _lot_ of
> honesty from our thieves.

  Yes.  There are mitigating circumstances.  AAA relationships leverage
trust.  Continued trust depends on the parties continuing to meet
expectations.  Lying about SSIDs violates trust.

  Alan DeKok.

_______________________________________________
Emu mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/emu
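The RFC 3580 format quoted in the message above (upper-case MAC with "-" separators, optional ":SSID" suffix) is easy to get subtly wrong on the receiving side, and a home or proxy AAA server in a roaming consortium can at least check that what a NAS sent is well-formed and names an SSID the consortium knows about. The following is an added example written for this page, not code from the thread or from any RADIUS implementation; the function names, the `expected_ssids` allowlist and the sample attribute values are all constructed here. It only catches malformed or unexpected values; as the thread notes, it cannot detect a NAS that simply lies about the SSID.

```python
import re

# Strict RFC 3580 section 3.20 form: six upper-case hex octets separated by "-",
# optionally followed by ":" and the SSID.  The SSID itself may contain ":",
# so only the first ":" after the MAC is treated as the separator; the
# regex anchors on the fixed-width MAC and takes the rest as the SSID.
_CALLED_STATION_RE = re.compile(r"^((?:[0-9A-F]{2}-){5}[0-9A-F]{2})(?::(.+))?$")


def parse_called_station_id(value):
    """Return (mac, ssid) for a well-formed Called-Station-Id, else None.

    ssid is None when the NAS sent only the MAC (the RFC's SHOULD, not MUST).
    Lower-case hex, missing separators and an empty SSID after ":" are all
    rejected as malformed.
    """
    m = _CALLED_STATION_RE.match(value)
    if not m:
        return None
    return m.group(1), m.group(2)


def check_called_station_id(value, expected_ssids):
    """Classify an attribute value the way a consortium AAA server might.

    Returns one of: 'ok', 'no-ssid', 'unknown-ssid', 'malformed'.
    expected_ssids is the (hypothetical) set of SSIDs the consortium has
    agreed on; anything outside it is worth a complaint to the peer.
    """
    parsed = parse_called_station_id(value)
    if parsed is None:
        return "malformed"
    _mac, ssid = parsed
    if ssid is None:
        return "no-ssid"
    if ssid not in expected_ssids:
        return "unknown-ssid"
    return "ok"


# Constructed sample values for illustration; only the first two are the
# RFC 3580 examples, the rest are made up here.
CONSORTIUM_SSIDS = {"AP1", "consortium-wifi"}
SAMPLES = [
    "00-10-A4-23-19-C0",              # MAC only: allowed, but no SSID to check
    "00-10-A4-23-19-C0:AP1",          # RFC example, known SSID
    "00-10-A4-23-19-C0:guest:net",    # SSID containing ":" is still one SSID
    "00-10-a4-23-19-c0:AP1",          # lower-case hex violates "upper case only"
    "0010A42319C0:AP1",               # no "-" separators
    "00-10-A4-23-19-C0:",             # empty SSID after the separator
]


def classify_samples(expected_ssids=CONSORTIUM_SSIDS):
    """Run the check over SAMPLES and return a list of (value, verdict)."""
    return [(v, check_called_station_id(v, expected_ssids)) for v in SAMPLES]


if __name__ == "__main__":
    for value, verdict in classify_samples():
        print(f"{value!r:36} -> {verdict}")
```

In practice the verdicts would feed logging or a policy decision at the proxy or home server; a run of "unknown-ssid" results from one visited-network partner is exactly the kind of signal the message describes as grounds for talking to that party.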
