In order to successfully mitigate the new TKIP attack, organizations need to turn on key rotation for stations, where each minute of key use represents one byte of plaintext an attacker can recover for a given packet. The consensus so far is that 2 minutes before the next key rotation (PTK, not PMK; no RADIUS involvement here) is reasonable.

I've been looking around, but I haven't found if this is possible on Cisco, Meru, Trapeze or Symbol products. A friend at Aruba pointed out the steps for an Aruba 3.x controller:

    enable
    configure terminal
    aaa authentication dot1x <profilename>
    multicast-keyrotation
    unicast-keyrotation
    timer mkey-rotation-period 120
    timer ukey-rotation-period 120

Does anyone know if this is possible on Cisco LWAPP APs, Cisco autonomous APs or other vendor products? I'm collecting this material for a SANS webcast on Monday.

Thanks,

-Josh

**********
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
