Authentication in WPA-PSK is implicit. When the key exchange completes successfully and encrypted frames start flowing in both directions, it is assumed that the same shared secret is available on both the station and AP.
WPA-PSK is a specific mechanism that does not include any EAP authentication exchange. So, you would not be able to do EAP-MD5 followed by WPA-PSK. However, you could develop your own EAP method that does that. You would need to develop an 802.1X supplicant for the station and an 802.1X authenticator for the AP. -Bob -----Original Message----- From: Krishna Prasanth [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 03, 2003 10:20 PM To: Bob O'Hara Cc: [EMAIL PROTECTED] Subject: RE: [BAWUG] Dynamic WEP Keys Hi Bob, Thanks for the answer. I have another query. If the station & AP are both configured for WPA-PSK, can we do authentication?? If so how?? (Can we enforce EAP-MD5 Authentication) and then enforce Key-Negotiation using WPA-PSK 4-way handshaking?? Pls clarify me. thanks in advance. --- Bob O'Hara <[EMAIL PROTECTED]> wrote: > Actually, the answer is yes, you can support dynamic > WEP keys without an > EAP authentication method. The way to do this is > with a pre-shared key. > This requires entering a key or pass phrase on both > the client and AP, > and enabling WPA-PSK as the security method. The AP > and client then use > the EAPOL-Key messages to exchange pairwise and > group keys. Wi-Fi > equipment with the WPA box checked on their > capability label provide > this function today. 802.11i includes it, as well. > > -Bob > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Nelson, David > Sent: Wednesday, December 03, 2003 6:38 AM > To: [EMAIL PROTECTED] > Subject: RE: [BAWUG] Dynamic WEP Keys > > > Krishna writes... > > > Can any one let me know, whether we can support > > Dynamic WEP Keys without using EAP-methods like > > EAP-TLS etc?? > > No. The IEEE 802.1X EAPOL key messages require > TLS-based authentication > to derive fresh session keys with which to protect > the distribution of > Dynamic WEP keys. While other key management > methods are, of course, > possible, they would be proprietary. > > Regards, > > Dave > > David B. Nelson > Wireless & AAA Architect, Office of the CTO > Enterasys Networks, Inc. > 50 Minuteman Road > Andover, MA 01810-1008 > Phone: (978) 684-1330 > E-mail: [EMAIL PROTECTED] > > -- > general wireless list, a bawug thing > <http://www.bawug.org/> > [un]subscribe: > http://lists.bawug.org/mailman/listinfo/wireless > -- > general wireless list, a bawug thing > <http://www.bawug.org/> > [un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless __________________________________ Do you Yahoo!? Free Pop-Up Blocker - Get it now http://companion.yahoo.com/ -- general wireless list, a bawug thing <http://www.bawug.org/> [un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless
