[HostAP] Re: 802.1x Problems

[Jouni Malinen]

On Thu, Oct 10, 2002 at 10:34:41AM +0530, Manjunathan PY wrote:

> What exactly you mean by "It sends a key pair both to station and AP" ?
> What does the Radius server send to station and AP, in what message does it
> do so?

To AP:

MS-MPPE-Send-Key and MS-MPPE-Recv-Key attributes in Access-Accept
message. These attributes are encrypted as specified in RFC 2548.
Authenticator uses send key to sign and recv key to encrypt the WEP key
to the station (when Authenticator generates the WEP keys).

To STA:

MPPE keys are derived from the secret (between Supplicant and AS)
generated during TLS exchange, so the keys are not send explicitly in
any message, but equal keys are derived both in STA and AS.

-- 
Jouni Malinen                                            PGP id EFC895FA