
RE: AAA for Handovers



The most recent IEEE 802.11r draft eliminates portions of the key
hierarchy and also mandates that the Authenticator and AAA client
reside on the same entity.  There is still discussion on the
interactions between NASes.

RFC 3580 describes how Accounting-Start messages can be sent in handover
situations.

On Thu, 11 Aug 2005, Narayanan Vidya-CVN065 wrote:

> Emile, Bernard,
> Thanks for the clarification on the accounting issues.
>
> Does anyone know how this will work with 802.11r-like key hierarchy? As
> per the key hierarchy, it seems like the station will have to establish
> the MSK by contacting the R0 key holder. However, the PTK it shares is
> with the R2 key holder. So, technically, the PMK-R0 is only used to
> derive the PMK-R1 and the latter to derive PMK-R2. I would imagine the
> RADIUS client would reside in the R0-KH - right? However, the station
> may hand off to different R2-KHs within the same R0-KH - how and when
> will accounting-start messages be sent in this case? Or, is it that the
> accounting messages only need to be sent when the station first derives
> the PMK-R0?
>
> About IAPP, I wasn't referring to the use of it here. I think mandating
> use of IAPP for the sake of authentication or accounting perhaps leads to
> more complications.
