[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Wireless LAN Certificate Extensions
Hi,
>>>>> On Wed, 24 Jul 2002 17:40:33 -0400,
"Housley, Russ" <rhousley@xxxxxxxxxxxxxxx> said
about: Wireless LAN Certificate Extensions:
rhousley> At the IETF meeting in Japan last week, I gave a presentation on
rhousley> draft-ietf-pkix-wlan-extns-00.txt. I got one question that deserves
rhousley> discussion on the list.
It's my question.
rhousley> The question was: Can the SSID change? And if so, is there a more stable
rhousley> alternative that we could include in the certificate instead.
rhousley> Yes the SSID can change, but it does not change often. For example when
rhousley> Mobilestar was bought, the SSID was changed to TMOBILE from Mobilestar.
rhousley> There isn't a good replacement. One that the authors considered is the
rhousley> network name of the RADIUS server/proxy (not the final RADIUS server) which
rhousley> would be mobilestar.com in the previous example. However, this name would
rhousley> also change under then same circumstances that cause the SSID to change.
rhousley> I propose that we stick with SSID as described in the document.
If this extension can be included in either PKC or AC, we can select
the alternative for a volatile SSID with reduced revocation cost, I think.
Any comments?
----
Hiroyuki CHIBA: hiro@xxxxxxxxxxxxxxxxxx clin@xxxxxxxxx
Security Solution Promoting Division, Hitachi,Ltd.