> From: Daniele Brevi
> Sent: Monday, February 17, 2003 10:34 AM
>
> I have read the old thread about MPPE dynamic keys and WEP in
> wireless 802.1X access.
> I have a little doubt.
> The RADIUS server derives the MPPE key and sends it to the AP, which
> derives from these the WEP key, and the client derives the
> WEP key itself (the client knows the TLS master secret).
> But is it true that the AP sends the Ucast and Bcast keys to
> the client even if it already knows the Ucast WEP key?

There are two modes; after the AP receives the master keying
data (MPPE keys) from the AAA server it can either:

i) create a WEP key mapping key (unicast key) and send it
   to the supplicant in an EAPOL-Key message

ii) use data directly from the master keying data as WEP key
    mapping key; in this case it will send an EAPOL-Key message
    with a zero length key field to the supplicant to indicate
    to the supplicant that the WEP key mapping key is created
    from the master keying data

For both of the above cases the AP must also send at least one
other EAPOL-Key message to the supplicant; each of these
EAPOL-Key messages will contain one of the WEP default keys (of
which there can be four).

The EAPOL-Key mechanism has been covered on this list before
and is clearly explained in the 802.1X standard and in the
draft-congdon-radius-8021x internet draft.

/henrik
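The two EAPOL-Key cases described in the reply above, as an added example that is not part of the original e-mail or of FreeRADIUS: a parser that tells a frame carrying the unicast key apart from one with a zero-length key field and from a default-key frame. The field layout (44 fixed octets, flag 0x80 in the key index octet marking a unicast key) is an assumption taken from the RC4 key descriptor of IEEE 802.1X-2001; the frames are constructed samples, and signature checking and key decryption are left out.

```python
import struct

EAPOL_KEY, RC4_DESC, FIXED = 3, 1, 44   # packet type, descriptor type, fixed octets

def parse_eapol_key(frame: bytes) -> dict:
    """Parse an EAPOL-Key frame carrying an RC4 key descriptor (assumed layout)."""
    if len(frame) < 4:
        raise ValueError("truncated EAPOL header")
    _version, ptype, body_len = struct.unpack("!BBH", frame[:4])
    body = frame[4:4 + body_len]
    if ptype != EAPOL_KEY:
        raise ValueError("not an EAPOL-Key packet")
    if len(body) != body_len or body_len < FIXED:
        raise ValueError("truncated key descriptor")
    desc, key_len, replay = struct.unpack("!BHQ", body[:11])
    if desc != RC4_DESC:
        raise ValueError("not an RC4 key descriptor")
    index_octet = body[27]            # follows the 16-octet key IV (body[11:27])
    key_field = body[FIXED:]          # follows the 16-octet signature (body[28:44])
    if key_field and len(key_field) != key_len:
        raise ValueError("key field does not match key length")
    unicast = bool(index_octet & 0x80)
    if not unicast:
        kind = "default key"
    elif key_field:
        kind = "key mapping key sent by AP"               # mode i in the reply
    else:
        kind = "key mapping key from master keying data"  # mode ii in the reply
    return {"kind": kind, "index": index_octet & 0x7F, "key_length": key_len,
            "replay_counter": replay, "key_in_frame": bool(key_field)}

def build_sample(key_len: int, index_octet: int, key: bytes = b"", replay: int = 1) -> bytes:
    """Build a constructed frame; IV and signature are zero-filled placeholders."""
    body = (struct.pack("!BHQ", RC4_DESC, key_len, replay) + bytes(16)
            + bytes([index_octet]) + bytes(16) + key)
    return struct.pack("!BBH", 1, EAPOL_KEY, len(body)) + body

# Constructed samples: 13-octet (104-bit) WEP keys, all-zero placeholder key bytes.
SAMPLES = [
    build_sample(13, 0x80, bytes(13), replay=1),   # mode i: unicast key in the frame
    build_sample(13, 0x80, b"", replay=2),         # mode ii: zero-length key field
    build_sample(13, 0x01, bytes(13), replay=3),   # default key, index 1
]

if __name__ == "__main__":
    for frame in SAMPLES:
        print(parse_eapol_key(frame))
```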