Control And Provisioning of Wireless Access Points (CAPWAP) Threat Analysis for IEEE 802.11 Deployments
RFC 5418

Approval announcement
Draft of message to be sent after approval:

From: The IESG <>
To: IETF-Announce <>
Cc: Internet Architecture Board <>,
    RFC Editor <>, 
    capwap mailing list <>, 
    capwap chair <>
Subject: Document Action: 'CAPWAP Threat Analysis for IEEE 
         802.11 Deployments' to Informational RFC 

The IESG has approved the following document:

- 'CAPWAP Threat Analysis for IEEE 802.11 Deployments '
   <draft-ietf-capwap-threat-analysis-05.txt> as an Informational RFC

This document is the product of the Control And Provisioning of Wireless 
Access Points Working Group. 

The IESG contact persons are Dan Romascanu and Ron Bonica.

A URL of this Internet-Draft is:

Technical Summary

   Early Wireless Local Area Network (WLAN) deployments feature a "fat"
   Access Point (AP) which serves as a stand-alone interface between the
   wired and wireless network segments.  However, this model raises
   scaling, mobility, and manageability issues, and the Control and
   Provisioning for Wireless Access Points (CAPWAP) protocol is meant to
   address these issues.  CAPWAP effectively splits the fat AP
   functionality into two network elements, and the communication
   channel between these components may traverse potentially hostile
   hops.  This document analyzes the security exposure resulting from
   the introduction of CAPWAP, and summarizes the associated security
   considerations for IEEE 802.11-based CAPWAP implementations and

Working Group Summary

   This document represents a very strong consensus of the WG. Many 
   analyses and concerns raised in the WG by the Security Advisors for WG

   have been painstakingly addressed in the CAPWAP base & binding 
   protocol drafts. This document reflects well the state of the security

   model of the resulting CAPWAP protocol.

Document Quality

   This document has been very well-reviewed. The draft itself is 
   authored by both the Security Advisors to the WG. In addition to a lot

   of review within the WG rhe doument got an early secdir review (Joe 
   Salowey) and received considerable ananlysis and feedback including 
   the Security AD as well as the IETF chair.  Gonzalo Camarillo 
   performed the GenART review and Dan Romascanu the OPS AD review. All 
   issues raised during the course of these reviews were carefully 
   tracked in an issue tracker and fully addressed.


   Mahalingam Mani is the document shepherd and Dan Romascanu is the 
   responsible Area Director. 

RFC Editor Note

1. Add to Section 1 the following:

1.2 Notations

      The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
      "OPTIONAL" in this document are to be interpreted as described in
      RFC 2119.

2. Add RFC2119 to the Normative References. 

3. Expand CAPWAP in the document title. 

4. Remove [RC4017] from the Informative References list. 

5. In Section 13:


This document outlines a threat analysis for CAPWAP


This document outlines a threat analysis for CAPWAP, in the context of
IEEE 802.11 deployments