Thread Links Date Links
Thread Prev Thread Next Thread Index Date Prev Date Next Date Index

Re: [STDS-802-11-TGBI] Protection against Spoof AP



Joseph and All,

 

It seems to be confusing in the later part:

This mechanism should allow the non-AP STA to limit its transmission of Probes Requests and Association Requests to a known AP to a location where the known AP is actually present (i.e., not to a spoofed AP). “  

 

Based on the text it appears that the non-AP STA will be able to limit Probes Requests and Association Request to a known AP and it is linked to the location of the AP. Could this be read that if the known AP is at a different location the non-AP STA does not have the mechanism limit the messages? As well we may not want to link the AP location (use case would be a mobile AP).

 

Maybe the following:

This mechanism should allow the non-AP STA to limit its transmission of Probes Requests and Association Requests to an AP which appears to be known to the non-AP STA; however, is not the actual known AP. (i.e., not to a spoofed AP). 

 

Cheers,

Luther

 

 From: G Smith <gsmith@xxxxxxxxxxxxxxxxxxx>
Sent: Thursday, August 18, 2022 1:34 PM
To: STDS-802-11-TGBI@xxxxxxxxxxxxxxxxx
Subject: Re: [STDS-802-11-TGBI] Protection against Spoof AP

 

Love it.  My excuse is that I obviously have not understood the BPE/CPE concept.

 

Thanks Joe,

 

Graham

 

From: Joseph Levy <Joseph.Levy@xxxxxxxxxxxxxxxx>
Sent: Thursday, August 18, 2022 2:35 PM
To: G Smith <gsmith@xxxxxxxxxxxxxxxxxxx>; STDS-802-11-TGBI@xxxxxxxxxxxxxxxxx
Subject: RE: Protection against Spoof AP

 

Hi Graham and All,

 

A couple questions/comments:

  1. Graham what was your motivation to restrict this mechanism to a BPE AP?  I don’t think it is a necessary restriction. 
  2. I think the proposed requirement could be more clearly stated so the privacy advantage is clearer, how about:
    11bi shall define at least one mechanism that will allow an non-AP STA to verify the identity of  a known AP prior to transmission of any pre-association PPDUs to the AP. This mechanism should allow the non-AP STA to limit its transmission of Probes Requests and Association Requests to a known AP to a location where the known AP is actually present (i.e., not to a spoofed AP).   

 

Regards,

Joseph

 

From: G Smith <gsmith@xxxxxxxxxxxxxxxxxxx>
Sent: Thursday, August 18, 2022 12:03 PM
To: STDS-802-11-TGBI@xxxxxxxxxxxxxxxxx
Subject: [STDS-802-11-TGBI] Protection against Spoof AP

 

Thank you for the comments  and feedback on 22/1253r0 on the subject of protection against a Spoof AP.

 

I am considering proposing the following text for insertion into 21/1848 Requirements document:

 

  • 11bi shall define a mechanism for a BPE AP to be identified such that a BPE Client can confirm that the AP is not a spoof AP.  Hence, the BPE Client will not send an Association Request and reveal its presence.

 

I welcome any suggestions or comments

 

Thanks

Graham


To unsubscribe from the STDS-802-11-TGBI list, click the following link: https://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-802-11-TGBI&A=1


To unsubscribe from the STDS-802-11-TGBI list, click the following link: https://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-802-11-TGBI&A=1


To unsubscribe from the STDS-802-11-TGBI list, click the following link: https://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-802-11-TGBI&A=1