What is the difference between Cisco's CCKM key management and WPA key management? I've read that CCKM is required for Cisco's proprietary Fast Reassociation feature, but that aside, is CCKM just Cisco's proprietary version of WPA key management? If I implement CCKM for a customer, will they be getting the same level of key management security as a customer with WPA key management implemented?
TKIP requires a key management method, one of which is specified by WPA. It's my understanding that Cisco took the basic key management protocol of WPA and added on the functionality of caching these keys/credentials on the "subnet context manager" (a WDS access point) to enable a secure fast reassociation. Hence CCKM, Cisco Centralized Key Management. By not having to do a complete reauthentication and not needing to contact a (potentially) distant RADIUS server, roaming is significantly faster. It's essentially adding an 802.11f-like (I think it's still just an IEEE draft for fast reassociation) functionality ahead of the competition. I've been told that at its core it derives its data and EAPOL keys in the same manner as WPA, but I don't know of any independent public analysis of CCKM nor of any examination of its credential exchange.