On Wed, 2002-10-02 at 14:24, Lars Viklund wrote: > On Wed, 2002-10-02 at 08:08, Pat Calhoun wrote: > > Does anyone have a clue how the AP selects the right key to use as the > > key-mapping-key? > > It can either: > > invent a random key-mapping (unicast) key and send it to the supplicant > in an EAPOL-Key message signed with the MS-MPPE-Send-Key and encrypted > with the MS-MPPE-Recv-Key right
> > or > > send the supplicant an EAPOL-Key message with an empty Key field, which > means use the specified number of bits from the MS-MPPE-Send-Key as the > key-mapping key. check... unfortunately, this doesn't appear to work. However, I found going through the various revisions of the congdon draft that the signature has changed over time, and this may be what's biting me. I found that in -17 of the draft, the signature doesn't cover the EAPOL header, while -20 it does. I suspect what's going on is that they are trying to play catch up with the work in .1aa, but it would be really nice if there were a draft that showed how 802.1X worked :( Any ideas how XP behaves? PatC - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
