Fast-forwarding to the present… CAPWAP is still gestating Just split original draft into base + 802.11 binding The protocol will grow/change as we gain deployment experience We may somehow extend/modify the 802.11 binding (e.g. for 11n) there will likely be other bindings defined Some changes may impact security model How will we know when this occurs? Those designing new features should take existing security considerations/assumptions into account It might be us adding new features… or it might be someone new They will need to know what we were thinking about Security assumptions/requirements should be made explicit Recommendation: Working group should undertake and document a comprehensive CAPWAP threat analysis based on current base protocol and 802.11 binding (Informational) There is currently a 00 draft We’d like to see this accepted as a work item |