From: Jouni Malinen (jkmaline_at_cc.hut.fi)
Date: 2002-10-11 08:02:54 UTC
On Thu, Oct 10, 2002 at 09:18:18AM +0200, Jacques Caron wrote:
> This is one option, but it is also possible for the AP (and client) to use
> the session key derived from the EAP method directly. This is indicated by
> an empty key field in the EAPOL-Key message. Cisco APs for instance use
> that key as unicast key, and send the encrypted broadcast key (either
> station or generated in case of broadcast key rotation).
Yes, that's true. I had already forgotten that option since I implemented only the method in which the AP generates the keys. Adding support for this AS-generated key use would be simple, so I might add it as an option. I would prefer the option in which AP takes care of WEP keys, but using AS-generated keys might be useful for AP devices that do not have any reliable source for generating random numbers.
-- Jouni Malinen PGP id EFC895FA