CFB in the real world
Last Post: April 20, 2012:
-
I'm a little confused about the prevalence and real-world use of the CFB.
Practice Exam 1 question 29 on the companion CD states that the CFB is always used by 11n stations, together with TXOP, RIFS, and block ACKs.
Chapter 7 of the Study Guide, in the Block Acknowledgement section states that in the "real world" CFB is rarely, if ever used.
Which is correct?
-
I don't have the book in front of me to reference, but this may not be an "either / or" situation.
The answer may depend on when these parts were written.
If there were not many "n" stations about, it wouldn't matter how "n" does it - you'd never see any..
-
Good point, I hadn't considered that. I assumed that the study guide and practice exam on the companion cd were authored at the same time. That's probably not the case, but I still wonder about the current prevalence of CFB and TXOP. I know block ACK and RIFS are commonly used because they really are required, and maybe the wifi alliance has made headway in certifying more devices that make use of more HT features.
-
I am hopeful that the WFA will do just that.
One problem from a manufacturers point of view is that some of the certifications are disjoint. That is, you may need more than one for a single product. Multiply that for several products and it gets even more expensive to have all your products certified - then add some new feature, and we get to do it all again.
It's not quite a disaster, but it sure makes it hard for smaller companies. The yearly membership stays the same (~$19k), but each individual certification is an additional cost. The prices for re-attempting after a failed certification test are now more standardized between labs, so that must have been a common issue.
I would think a membership in the UNH Wireless Consortium, where they can run PRE-compliance tests (only), would be well worth it for companies trying to save money.
-
I work at a wireless network equipment manufacturer and we've been through the WFA certification process a few times. Each time we're required to acquire a few more certifications because customers and strategic partners require them, especially wireless VoIP handset manufacturers.
We're fortunate to have a skilled SQA team that can peform a similar function as the UNH Wireless Consortium in performing a dry run of the test plan. I can say first-hand that they are not easy to pass and require significant skill and effort to comply.
In the end, WFA certification is really driving good things, like eradication of ancient standards and poor security. It's not easy, but it's a good way to drive the industry forward.
-
I have been a major promoter for WFA, at my company, for the last several years and agree wholeheartedly.
However, I do think they jumped the gun a bit by dumping WPA-TKIP. I think it still has a valuable position in the market place. (unless they know more than they are saying)
I would rather they put more work into their own creations, like WPS, and not try to force TKIP out of the market. To me, the multiple failures in WPS, in both design and implementation (which have since been addressed) are a major embarrassment. I realize WPS is more of a SOHO utility, but IMHO its failure ranks right up there with the naively designed WEP.
I think the implementation problems, mentioned above, would have been caught before the products hit the market if their testing included more QA - not necessarily easy to do.
-
A cruel irony -- the group that certifies my product for proper behavior and security invents a horribly flawed and insecure process for network admission. Oops!!!
-
TKIP was intended to be a temporary solution. They knew it would be crack-able but needed a better solution to wep that could be done on the hardware at the time. When Tkip was put in place most of the wireless gear out there did not have the horsepower to do AES/CCMP.
The sweet irony is they were almost exactly right on how long it would take people to find the vulnerabilities in tkip.
-
@@ron,
AMEN !
Sbyrum,
It's not really broken yet - not if you use non-default SSID's and good passphrases of an adequate
length. -
For the record, the "flawed and insecure process" I was referring to is WPS. TKIP was a good stop-gap measure, but WPS...let's just say I have my reservations :-)
- 1