EAP Re-Authentication (ERP) support?

Sebastien Decugis sdecugis at nict.go.jp
Wed Feb 4 20:35:03 EST 2009


Ooops sorry, I did not mean to reply privately... Resending to the list.

ERP is independent of the L2, since it only uses EAP information and
some local information (domain name) to compute new keying material. My
understanding is that 802.11r does a similar thing, deriving new keying
material from previous authentication. I will check if both mechanisms
can co-exist; there might be some conflicts. Also, how to decide what
mechanism must be used is not clear to me if both are available.

Thank you for your kind answers.
Sebastien.

Jouni Malinen wrote:
> On Wed, Feb 04, 2009 at 02:17:01PM +0900, Sebastien Decugis wrote:
>
>> Thank you for your answer. I don't have a real use-case now, it's more
>> like a proof of concept that I am concerned with... I am not familiar
>> with 802.11r, but after quickly looking for some information, I think
>> the scope is different. Re-authentication at EAP level allows for
>> example to change the L2 media (from wired to wireless connectivity,
>> among others) or move between different administrative domains. I don't
>> know if both mechanisms (802.11r and ERP) can be used at the same time,
>> but from this quick glance they seem complementary to me... I will look
>> more in detail at the 802.11r specification.
>
> OK. I agree that 802.11r is limited to cases where both the source and
> target connections are 802.11. There are even limitations within 802.11,
> so ERP might be of some benefit for pure 802.11 roaming, too. If ERP
> works with 802.11, it should work with 802.11r, too, since the initial
> association is using more or less identical frame exchange.
>

-- 
Sebastien Decugis
Research fellow
Network Architecture Group
NICT (nict.go.jp)


