hi
the environment is 802.1x access in a wireless networks with EAP-TLS with MPPE.
now it's clear what you want to know.
yes, but the mppe keys are not used as WEP keys. that would be a little bit odd since in that way the radius server would have to know how the WEP keys should look like although the server doesn't implement WEP and have no idea of what it is.Probably now I have understand: Freeradius after the TLS handshake derive the MPPE keys from the key material of the handshake and send this keys to the AP. The client derives this key itself, and the AP and client are responsable for the rekeying, this rekeying happen every packet that the AP and the client exchange.
so, the MPPE key attributes are only used in order to give the AP the same keying material. client derives this itself from the TLS master. then, either client or the AP generate the session WEP key and the AP takes the broadcast WEP key (which it could already be using with other stations) and all this is exchanged being encrypted and signed with the keying material received from server.
It's all exact?
not quite, see above.
But if it is, when a packet is lost what's appens?
i guess you know now what happens then.
no but this has been discussed already, just look in the archives for NSSSK or TLS master.Thanks and I hope this is not too off topic
ciao
artur
--
Artur Hecker
D�partement Informatique et R�seaux, ENST Paris
http://www.infres.enst.fr/~hecker
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
