
Fix the problem?

Solution 1: 3-party key agreement protocols
- Involve all parties in a cross-protocol key agreement
- In CAPWAP, would need a 4-party protocol
- Infeasible, as CAPWAP can't change 11i or AAA

Solution 2: Channel Bindings
- After keys are all generated, the AAA server encrypts everyone's identities and sends them to the STA
- Could be implemented by CAPWAP-specific extensions to an EAP method; needs AAA messages to carry CAPWAP WTP/AC info
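
The channel-binding check in Solution 2, as an added example that is not from the original slides: the AAA server protects the identities it authenticated, and the STA compares them with what it was told locally. Assumptions: the key shared by STA and AAA server, the JSON encoding, the role names and all identity values are constructed, and HMAC-SHA256 integrity protection stands in for the encryption the slide mentions, so the identities are authenticated but not hidden.

```python
import hashlib
import hmac
import json

# Constructed sample values (assumptions, not from the slides).
KEY = bytes(range(32))  # stands in for a key the EAP method gives STA and AAA
AAA_VIEW = {"sta": "02:00:00:00:00:01", "wtp": "wtp-17", "ac": "ac-1"}
ROGUE_VIEW = dict(AAA_VIEW, wtp="wtp-99")  # what a lying WTP told the STA


def aaa_build_binding(eap_key: bytes, identities: dict) -> bytes:
    """AAA server side: serialize the identities it authenticated and tag them."""
    body = json.dumps(identities, sort_keys=True).encode()
    tag = hmac.new(eap_key, body, hashlib.sha256).digest()
    return tag + body


def sta_check_binding(eap_key: bytes, blob: bytes, observed: dict) -> list:
    """STA side: return the roles whose identity differs from what the STA saw.

    Raises ValueError if the blob was altered between AAA server and STA,
    for example by the WTP or AC that relayed it.
    """
    tag, body = blob[:32], blob[32:]
    expected = hmac.new(eap_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("channel binding blob failed integrity check")
    asserted = json.loads(body)
    # A role missing on either side counts as a mismatch too.
    return sorted(role for role in asserted.keys() | observed.keys()
                  if asserted.get(role) != observed.get(role))


if __name__ == "__main__":
    blob = aaa_build_binding(KEY, AAA_VIEW)
    print("honest WTP:", sta_check_binding(KEY, blob, AAA_VIEW))
    print("lying WTP :", sta_check_binding(KEY, blob, ROGUE_VIEW))
```

An empty list means every party the STA talked to is the one the AAA server authenticated; any listed role is grounds for the STA to abandon the association.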