Foraging for Goodies

Foraging for Goodies

By CWNP On 08/07/2007 - 19 Comments

In my daily foraging for goodies in the 802.11 standard, I tripped across what seemed to be something routine, but upon deeper inspection (the reading of several RFCs), it seems that PAP, CHAP, and MS-CHAP cannot be used between an authenticator and authentication server in an RSN.

 

5.8.4 Authenticator-to-AS protocol
The Authenticator-to-AS authentication definition is out of the scope of this standard, but, to provide security assurances, the protocol must support the following functions:

a) Mutual authentication between the Authenticator and AS
b) A channel for the Supplicant/AS authentication
c) The ability to pass the generated key from the AS to the Authenticator in a manner that provides authentication of the key source, ensures integrity of the key transfer, and preserves data confidentiality of the key from all other parties

Methinks that items "b" and "c" are AOK, but item "a" is a whole other matter.  Just because the authenticator and authentication server have a shared secret does not mean that they perform mutual authentication.  The protocol that verifies the shared secret must perform mutual authentication to meet this requirement.  PAP, CHAP, and MS-CHAP do not perform mutual authentication.  MS-CHAPv2 and EAP-MSCHAP-v2 both do perform mutual authentication and can be used.

That's just my $0.02, but hey, am I wrong?

Devin Akin
CTO, The CWNP Program 

0 Responses to Foraging for Goodies

Subscribe by Email
There are no comments yet.
<< prev - comments page 1 of 1 - next >>

Leave a Reply

Please login or sign-up to add your comment.
Success Stories

I literally just came out of the testing centre having taken the CWDP exam. The certification process opened my mind to different techniques and solutions. This knowledge can only broaden your perspective. Great job, CWNP, you have a great thing going on here.

-Darren
Read More

Working through the CWNP coursework and certifications helped not only to deepen my technical knowledge and understanding, but also it boosted my confidence. The hard work it took to earn my CWNE has been rewarding in so many ways.

-Ben
Read More

I want to commend you and all at CWNP for having a great organization. You really 'raise the bar' on knowing Wi-Fi well. I have learned a ton of information that is helping my job experience and personal career goals, because of my CWAP/CWDP/CWSP studies. Kudos to all at CWNP.

-Glenn
Read More