Re: [SECMECH] Framework Bindings Vs. Mechanism Bridges

["1und1" <t.otto@sharevolution.de>]

> From: "Clint Chaplin" <clint.chaplin@gmail.com>
> To: "Bernard Aboba" <aboba@internaut.com>
> Cc: <secmech@ietf.org>
> Sent: Saturday, August 27, 2005 9:28 PM
> Subject: Re: [SECMECH] Framework Bindings Vs. Mechanism Bridges


> Boy, does this all sound familiar....

> I know of one IEEE 802.11i vendor that developed and sold a Kerberos
> solution for security/authentication.


Which company is this? Symbol?

Symbol.com sells a Kerberos-based solution, but it seems to be proprietary
and
not  compliant with IEEE 802.11i.

I asked in Juli sth for EAP-Kerberos, Tim Alsop answered
( http://www.mail-archive.com/kerberos@mit.edu/msg08763.html )


<snip>
Thomas,

Perhaps you need to look at the solution implemented by Symbol
(www.symbol.com). Their WLAN products already use kerberos for WLAN
authentication and key management as an alternative to WEP. The normal
approach with WEP is to share a secret between the AP and WLAN client,
but with Kerberos the session key can be used instead. The WLAN
connection to the network through the access point should not be
accepted until the user has authenticated to the AP. This is the Symbol
approach, but they are not using EAP. Instead they have implemented
Kerberos in the firmware of their products. I would love to see Kerberos
implemented for same solution using EAP-GSS so that more WLAN vendors
can take advantage and gain SSO and strong key management for WLAN
authentication.

Regards, Tim
</snip>




_______________________________________________
SECMECH mailing list
SECMECH@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/secmech