Re: [SECMECH] Framework Bindings Vs. Mechanism Bridges

"1und1" <t.otto@sharevolution.de> Sun, 28 August 2005 10:12 UTC

From: "1und1" <t.otto@sharevolution.de>
To: "Clint Chaplin" <clint.chaplin@gmail.com>
Subject: Re: [SECMECH] Framework Bindings Vs. Mechanism Bridges
Date: Sun, 28 Aug 2005 12:14:00 +0200
Cc: secmech@ietf.org

> From: "Clint Chaplin" <clint.chaplin@gmail.com>
> To: "Bernard Aboba" <aboba@internaut.com>
> Cc: <secmech@ietf.org>
> Sent: Saturday, August 27, 2005 9:28 PM
> Subject: Re: [SECMECH] Framework Bindings Vs. Mechanism Bridges


> Boy, does this all sound familiar....

> I know of one IEEE 802.11i vendor that developed and sold a Kerberos
> solution for security/authentication.


Which company is this? Symbol?

Symbol.com sells a Kerberos-based solution, but it seems to be proprietary
and not compliant with IEEE 802.11i.

I asked something about EAP-Kerberos in July; Tim Alsop answered
( http://www.mail-archive.com/kerberos@mit.edu/msg08763.html )


<snip>
Thomas,

Perhaps you need to look at the solution implemented by Symbol
(www.symbol.com). Their WLAN products already use Kerberos for WLAN
authentication and key management as an alternative to WEP. The normal
approach with WEP is to share a secret between the AP and WLAN client,
but with Kerberos the session key can be used instead. The WLAN
connection to the network through the access point should not be
accepted until the user has authenticated to the AP. This is the Symbol
approach, but they are not using EAP. Instead they have implemented
Kerberos in the firmware of their products. I would love to see Kerberos
implemented for the same solution using EAP-GSS so that more WLAN vendors
can take advantage and gain SSO and strong key management for WLAN
authentication.

Regards, Tim
</snip>



