Hello All,
To Jacques: Hi, thanks a lot for ur answers on dynamic key mapping
and Host based AP and firmware based AP.
Please can anyone suggest me the following:
If an AP is to be built, then what are the essential
requirements
that it has to support in order to be able to support 802.1x/EAP-Types(TLS,
MD5)
Authentications with RADIUS server as the Authentication server.
Actually what mechanism is to be followed for the 802.1x/EAP-TLS
authentication using RADIUS.
This scenario is being followed in two different ways.
Approach 1: The RADIUS server passes two keys to AP through
MS-MPPE-Send-Key and MS-MPPE-Recv-key.
These are the Session-Key and the Signing-key. The AP then sends two
EAPOL-key messages (one EAPOL-Key
message with empty key field for specifying that the session key derived is
during EAP Authentication
is the Unicast_Session-Key, and second EAPOL-Key message with the the
broadcast-key(static/dynamic) which
is Signed with the Signing-key and Encrpyted using the Session-Key.
Approach 2: The RADIUS server passes one key to AP using MS-MPPE-Send-Key
attribute in the Access-Accept
Radius packet. The one key sent is the Session-Key. The AP then sends two
EAPOL-key messages (one EAPOL-Key
message with empty key field for specifying that the session key derived is
during EAP Authentication is the
Unicast_Session-Key, and second EAPOL-Key message with the the
broadcast-key(static/dynamic) which is both
Signed and Encrpyted using the Session-Key.
Which is the better Approch to be followed so that the AP is compliant with
i) most of the or with the standard RADIUS servers that support
802.1x/EAP-Types(TLS, MD5) Authentication
ii) the WLAN Client products available in the market that support
802.1x/EAP-Types(TLS, MD5) Authentication
[Do the client WLAN products require to support the
802.1x/EAP-Types(TLS, MD5) Authentication? ]
Please explain me on this.
Thanks in advance.
regards,
Visakha.
***************************************************************************
This message is proprietary to Future Software Limited (FSL)
and is intended solely for the use of the individual to whom it
is addressed. It may contain privileged or confidential information
and should not be circulated or used for any purpose other than for
what it is intended.
If you have received this message in error, please notify the
originator immediately. If you are not the intended recipient,
you are notified that you are strictly prohibited from using,
copying, altering, or disclosing the contents of this message.
FSL accepts no responsibility for loss or damage arising from
the use of the information transmitted by this email including
damage from virus.
***************************************************************************
--
general wireless list, a bawug thing <http://www.bawug.org/>
[un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless
