Alan DeKok [mailto:[email protected]] writes:
> Glen Zorn wrote:
> > Is there an RFC that says this somewhere?
>
> RFC 3580, Section 3.20

OK, thanks. This appears to be identical to the section from 802.1X-2004 that I quoted below, though...

> > 802.11-2007 doesn't mention
> > Called-Station-ID; 802.1X-2004 says this:
> >
> > D.3.20 Called-Station-Id
> > For IEEE 802.1X Authenticators, this attribute is used to store the Bridge
> > or Access Point MAC address,
> > represented as an ASCII character string in Canonical format (see IEEE Std
> > 802). For example, "00-10-A4-23-19-C0."
> > For 802.11 Access Points, the IEEE 802.11 SSID should be appended
> > to the Access Point MAC
> > address, separated from the MAC address with a ":". For example,
> > "00-10-A4-23-19-C0:AP1".
> >
> > Note the use of "should". In addition, there is no guarantee at all that
> > SSIDs are globally unique.
> >
> >> So
> >> the home server can verify that SSID against the channel bindings.
> >
> > Assuming that the SSID is actually in the Called-Station-ID Attribute (see
> > above) and that the NAS didn't just lie in the RADIUS message, too (given
> > that there is no way to detect such a lie in a >1 hop AAA scenario) and that
> > there is no collusion between X & Z. We seem to be assuming a _lot_ of
> > honesty from our thieves.
> >
> > ...
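An added example, not part of the original message and not code from any RFC or product: a Python sketch that parses the Called-Station-Id format quoted above and compares its SSID with one taken from channel bindings, keeping the "SSID absent" case separate from a mismatch. The function names, result labels and the third sample value are assumptions made for illustration; a "match" only means the two strings agree, since the attribute itself is whatever the NAS put in the RADIUS message.

```python
import re

# Canonical-format MAC as in the quoted D.3.20 text: six hex octets joined by "-".
_MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5}")
_MAC_LEN = 17  # length of "00-10-A4-23-19-C0"
_MAX_SSID_OCTETS = 32  # IEEE 802.11 SSID length limit


def parse_called_station_id(value):
    """Split a Called-Station-Id string into (mac, ssid).

    ssid is None when only the MAC address is present, which the quoted
    text allows (the SSID "should" be appended). Raises ValueError when
    the value does not follow the quoted format.
    """
    mac, rest = value[:_MAC_LEN], value[_MAC_LEN:]
    if not _MAC_RE.fullmatch(mac):
        raise ValueError("no canonical-format MAC address at start of value")
    if rest == "":
        return mac.upper(), None
    if not rest.startswith(":"):
        raise ValueError("unexpected data after MAC address")
    # Split by position, not on ":", because an SSID may itself contain ":".
    ssid = rest[1:]
    if len(ssid.encode("utf-8")) > _MAX_SSID_OCTETS:
        raise ValueError("SSID longer than 32 octets")
    return mac.upper(), ssid


def check_ssid_binding(called_station_id, bound_ssid):
    """Compare the attribute's SSID with the SSID from channel bindings.

    Returns "match", "mismatch", or "no-ssid" (attribute carried no SSID,
    so there is nothing to verify against).
    """
    _, ssid = parse_called_station_id(called_station_id)
    if ssid is None:
        return "no-ssid"
    return "match" if ssid == bound_ssid else "mismatch"


if __name__ == "__main__":
    # First two values are the examples quoted in the message; the third is constructed.
    for csid in ("00-10-A4-23-19-C0:AP1", "00-10-A4-23-19-C0",
                 "00-10-A4-23-19-C0:guest:lab"):
        print(csid, "->", check_ssid_binding(csid, "AP1"))
```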
