> Hi Bob,
> Thanks for the answer.
> I have another query.
> If the station & AP are both configured for WPA-PSK,
> can we do authentication??
> If so how?? (Can we enforce EAP-MD5 Authentication)
> and then enforce Key-Negotiation using WPA-PSK 4-way
> handshaking??
Unless you can (cryptographically) bind the authentication to the 4-way
handshake, they'd be independent of each other and I cannot see the benefit
of doing the authentication.

Binding is possible when the authentication method can generate crypto keys.
EAP-MD5 does not, but its revved up version EAP-Archie does.
http://www.ietf.org/internet-drafts/draft-jwalker-eap-archie-01.txt

If you are trying to generate keys for WPA-PSK by means other than 802.1X,
you might want to consider using PANA protocol. See
http://ietf.org/html.charters/pana-charter.html for IETF PANA development.

Alper

> Pls clarify me.
>
> thanks in advance.
>
> --- Bob O'Hara <[EMAIL PROTECTED]> wrote:
>> Actually, the answer is yes, you can support dynamic WEP keys without an
>> EAP authentication method. The way to do this is with a pre-shared key.
>> This requires entering a key or pass phrase on both the client and AP,
>> and enabling WPA-PSK as the security method. The AP and client then use
>> the EAPOL-Key messages to exchange pairwise and group keys. Wi-Fi
>> equipment with the WPA box checked on their capability label provide
>> this function today. 802.11i includes it, as well.
>>
>> -Bob
>>
>>
>> -----Original Message-----
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED] On Behalf Of Nelson, David
>> Sent: Wednesday, December 03, 2003 6:38 AM
>> To: [EMAIL PROTECTED]
>> Subject: RE: [BAWUG] Dynamic WEP Keys
>>
>>
>> Krishna writes...
>>
>>> Can any one let me know, whether we can support
>>> Dynamic WEP Keys without using EAP-methods like
>>> EAP-TLS etc??
>>
>> No. The IEEE 802.1X EAPOL key messages require TLS-based authentication
>> to derive fresh session keys with which to protect the distribution of
>> Dynamic WEP keys. While other key management methods are, of course,
>> possible, they would be proprietary.
>>
>> Regards,
>>
>> Dave
>>
>> David B. Nelson
>> Wireless & AAA Architect, Office of the CTO
>> Enterasys Networks, Inc.
>> 50 Minuteman Road
>> Andover, MA 01810-1008
>> Phone: (978) 684-1330
>> E-mail: [EMAIL PROTECTED]
>>
>> --
>> general wireless list, a bawug thing <http://www.bawug.org/>
>> [un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless
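
Added example, not part of the original thread: a Python sketch of the key chain the messages above refer to. It shows the WPA-PSK passphrase-to-PMK step, the PTK derivation performed in the 4-way handshake, and why the EAPOL-Key MIC only verifies when both sides hold the same PMK, which is the reason a method that yields no key (EAP-MD5) cannot be bound to the handshake. The MAC addresses, frame body and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

def psk_to_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    With 802.1X, the PMK would instead come from a key-generating EAP method."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF: concatenation of HMAC-SHA1(key, label || 0x00 || data || counter)."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """512-bit PTK (TKIP layout) from the PMK, both MAC addresses and both nonces."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 64)

def eapol_mic(ptk: bytes, frame: bytes) -> bytes:
    """MIC over an EAPOL-Key frame, keyed with KCK = PTK[0:16] (HMAC-MD5, descriptor v1)."""
    return hmac.new(ptk[:16], frame, hashlib.md5).digest()

def handshake_ok(ap_pmk: bytes, sta_pmk: bytes) -> bool:
    """Simulate messages 1 and 2: the AP checks the station's MIC using its own PTK."""
    aa = bytes.fromhex("020000000001")   # constructed AP MAC address
    spa = bytes.fromhex("020000000002")  # constructed station MAC address
    anonce, snonce = os.urandom(32), os.urandom(32)
    frame = b"constructed EAPOL-Key message 2 body" + snonce
    sta_mic = eapol_mic(derive_ptk(sta_pmk, aa, spa, anonce, snonce), frame)
    ap_mic = eapol_mic(derive_ptk(ap_pmk, aa, spa, anonce, snonce), frame)
    return hmac.compare_digest(sta_mic, ap_mic)

if __name__ == "__main__":
    pmk = psk_to_pmk("password", "IEEE")  # passphrase/SSID pair from the 802.11i test vectors
    print("PMK:", pmk.hex())
    print("same PMK on both sides:", handshake_ok(pmk, pmk))
    print("mismatched PMK:", handshake_ok(pmk, psk_to_pmk("passw0rd", "IEEE")))
```
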