Alan DeKok [mailto:[email protected]]
> (sigh, hit send too soon) ...
> > 802.11-2007 doesn't mention
> > Called-Station-ID; 802.1X-2004 says this:
>
> Taken from 3580.

Whatever; 3580 says

   This document provides suggestions on Remote Authentication Dial In
   User Service (RADIUS) usage by IEEE 802.1X Authenticators. The
   material in this document is also included within a non-normative
   Appendix within the IEEE 802.1X specification, and is being
   presented as an IETF RFC for informational purposes.

Which suggests to me an opposite relationship, though.

> > Note the use of "should".
>
> Which is a common practice.

???

> > In addition, there is no guarantee at all that
> > SSIDs are globally unique.
>
> Agreed. However, SSIDs are *likely* to be unique within a roaming
> consortium. This is because the parties talk to each other, and can
> complain when the SSIDs are unknown, or re-used.

What parties? The BSSs? Why?

> > Assuming that the SSID is actually in the Called-Station-ID Attribute (see
> > above) and that the NAS didn't just lie in the RADIUS message, too (given
> > that there is no way to detect such a lie in a >1 hop AAA scenario) and that
> > there is no collusion between X & Z. We seem to be assuming a _lot_ of
> > honesty from our thieves.
>
> Yes.
>
> There are mitigating circumstances. AAA relationships leverage trust.
> Continued trust depends on the parties continuing to meet expectations.
> Lying about SSIDs violates trust.

But fraud doesn't?

> Alan DeKok.

_______________________________________________
Emu mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/emu
