
Re: [STDS-802-11-TGBI] Protection against Spoof AP



On 8/18/22, 11:35 AM, "Joseph Levy" <000019588066c6b7-dmarc-request@xxxxxxxxxxxxxxxxx> wrote:


Hi Graham and All,


A couple questions/comments:

1) Graham, what was your motivation to restrict this mechanism to a BPE AP? I don’t think it is a necessary restriction.

2) I think the proposed requirement could be more clearly stated so the privacy advantage is clearer; how about:
11bi shall define at least one mechanism that will allow a non-AP STA to verify the identity of a known AP prior to transmission of any pre-association PPDUs to the AP. This mechanism should allow the non-AP STA to limit its transmission of Probe Requests and Association Requests to a known AP to a location where the known AP is actually present (i.e., not to a spoofed AP).


  I dunno. The more I think about this the less serious I think it is. Graham gave 2 viable solutions to this "problem" in his presentation that didn't require any standardization at all. If some STA vendor thinks this is a problem it can implement either one.


  Keep in mind that "a location where the known AP is actually present" may, in fact, be the fake AP in the paparazzi's car in front of J-Lo's mansion as he's waiting to snap a picture of her when she leaves. Like I said in the chat, J-Lo should make her SSID be something common like "linksys" or "xfinity" or "netgear" or "marriot_guest" (and don't tell me that's against the law) to attract everyone in an effort to render the information gleaned by this fake AP garbage. That is, if it's even a problem, which I find hard to believe it is.


  Pretty sure I would speak against a motion to include this text in our requirements document.







"the object of life is not to be on the side of the majority, but to escape finding oneself in the ranks of the insane." – Marcus Aurelius





From: G Smith <gsmith@xxxxxxxxxxxxxxxxxxx>
Sent: Thursday, August 18, 2022 12:03 PM
To: STDS-802-11-TGBI@xxxxxxxxxxxxxxxxx
Subject: [STDS-802-11-TGBI] Protection against Spoof AP


Thank you for the comments and feedback on 22/1253r0 on the subject of protection against a Spoof AP.


I am considering proposing the following text for insertion into 21/1848 Requirements document:


         11bi shall define a mechanism for a BPE AP to be identified such that a BPE Client can confirm that the AP is not a spoof AP.  Hence, the BPE Client will not send an Association Request and reveal its presence.


I welcome any suggestions or comments




To unsubscribe from the STDS-802-11-TGBI list, click the following link:
