draft-ietf-capwap-problem-statement-01.txt   draft-ietf-capwap-problem-statement-02.txt 
CAPWAP Working Group P. Calhoun CAPWAP Working Group B. O'Hara
Internet-Draft B. O'Hara Internet-Draft P. Calhoun
Expires: November 8, 2004 Airespace Expires: February 18, 2005 Airespace
J. Kempf J. Kempf
Docomo Labs USA Docomo Labs USA
May 10, 2004 August 20, 2004
CAPWAP Problem Statement CAPWAP Problem Statement
draft-ietf-capwap-problem-statement-01 draft-ietf-capwap-problem-statement-02
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as other groups may also distribute working documents as
Internet-Drafts. Internet-Drafts.
skipping to change at page 1, line 34 skipping to change at page 1, line 34
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on November 8, 2004. This Internet-Draft will expire on February 18, 2005.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2004). All Rights Reserved. Copyright (C) The Internet Society (2004). All Rights Reserved.
Abstract Abstract
This document describes the Configuration and Provisioning for This document describes the Configuration and Provisioning for
Wireless Access Points (CAPWAP) problem statement. Wireless Access Points (CAPWAP) problem statement.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 4 2. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 4
3. Security Considerations . . . . . . . . . . . . . . . . . . . 6 3. Security Considerations . . . . . . . . . . . . . . . . . . . 6
4. References . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 6 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 6
Intellectual Property and Copyright Statements . . . . . . . . 8 Intellectual Property and Copyright Statements . . . . . . . . 8
1. Introduction 1. Introduction
With the approval of the 802.11 standard by the IEEE in 1997, With the approval of the 802.11 standard by the IEEE in 1997,
wireless LANs (WLANs) began a slow entry into enterprise networks. wireless LANs (WLANs) began a slow entry into enterprise networks.
The limited data rates of the original 802.11 standard, only 1- and The limited data rates of the original 802.11 standard, only 1- and
2-Mbps, limited widespread adoption of the technology. 802.11 found 2-Mbps, limited widespread adoption of the technology. 802.11 found
wide deployment in vertical applications, such as inventory wide deployment in vertical applications, such as inventory
skipping to change at page 6, line 9 skipping to change at page 6, line 9
work is needed to apply or develop standard protocols providing for work is needed to apply or develop standard protocols providing for
multi-vendor interoperable implementations of WLANs built from multi-vendor interoperable implementations of WLANs built from
devices that adhere to the newly appearing hierarchical architecture devices that adhere to the newly appearing hierarchical architecture
utilizing a functional split between an access point and an access utilizing a functional split between an access point and an access
controller. controller.
3. Security Considerations 3. Security Considerations
The devices used in WLANs control the access to networks and provide The devices used in WLANs control the access to networks and provide
for the delivery of packets between hosts using the WLAN and other for the delivery of packets between hosts using the WLAN and other
hosts on the WLAN or elsewhere on the internet. The functions for hosts on the WLAN or elsewhere on the Internet. The functions for
control and provisioning of wireless access points, therefore require control and provisioning of wireless access points, therefore require
protection to prevent misuse of the devices. protection to prevent misuse of the devices.
Requirements for central management, monitoring, and control of Requirements for central management, monitoring, and control of
wireless access points that should be addressed include wireless access points that should be addressed include
confidentiality, integrity, and authenticity. Once an AP and AC have confidentiality, integrity, and authenticity. Once an AP and AC have
been authenticated to each other, it may not be sufficient that a been authenticated to each other, it may not be sufficient that a
single level of authorization allows monitoring, as well as control single level of authorization allows monitoring, as well as control
and provisioning. The requirement for more than a single level of and provisioning. The requirement for more than a single level of
authorization should be determined. Physical security should also be authorization should be determined. Physical security should also be
addressed, for those devices that contain security parameters that addressed, for those devices that contain security parameters that
are sensitive and might compromise the security of the system, if are sensitive and might compromise the security of the system, if
those parameters were to fall into the hands of an attacker. those parameters were to fall into the hands of an attacker.
4 References APs are often installed in locations that are difficult to secure, in
order to provide comprehensive radio coverage. The CAPWAP
architecture may reduce the consequences of a stolen AP. If
high-value secrets, such as a RADIUS shared secret, are stored in the
AC, then the physical loss of an AP does not compromise these
secrets. Further, the AC can easily be located in a physically
secure location. Of course, concentrating all of the high-value
secrets in one place makes the AC an attractive target, and strict
physical, procedural, and technical controls are needed to protect
the secrets.
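Review bot: The added paragraph in -02 ("APs are often installed ... to protect the secrets") says that a stolen AP does not expose secrets kept in the AC, but it never says what the stolen AP itself still carries. The preceding paragraph has the AP and AC authenticating to each other, so the AP presumably holds a credential of its own, and that credential is lost with the device. Suggest adding a sentence stating that an AP's credentials need to be revocable at the AC and limited in what they authorize, which ties back to the open question above about more than a single level of authorization. On wording, "can easily be located" and "Of course" are informal for a problem statement; "can be located" and dropping "Of course" would read better. The closing "strict physical, procedural, and technical controls" would be more useful if it said where those requirements are expected to be specified.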
Authors' Addresses Authors' Addresses
Pat R. Calhoun Bob O'Hara
Airespace Airespace
110 Nortech Parkway 110 Nortech Parkway
San Jose, CA 95134 San Jose, CA 95134
Phone: +1 408-635-2000 Phone: +1 408-635-2025
EMail: pcalhoun@airespace.com EMail: bob@airespace.com
Pat R. Calhoun
Bob O'Hara
Airespace Airespace
110 Nortech Parkway 110 Nortech Parkway
San Jose, CA 95134 San Jose, CA 95134
Phone: +1 408-635-2025 Phone: +1 408-635-2000
EMail: bob@airespace.com EMail: pcalhoun@airespace.com
James Kempf James Kempf
Docomo Labs USA Docomo Labs USA
181 Metro Drive, Suite 300 181 Metro Drive, Suite 300
San Jose, CA 95110 San Jose, CA 95110
Phone: +1 408 451 4711 Phone: +1 408 451 4711
EMail: kempf@docomolabs-usa.com EMail: kempf@docomolabs-usa.com
Intellectual Property Statement Intellectual Property Statement
 End of changes. 
