
> So, there are ways to implement dynamic WEP, but there is no standard way?
> I think "broadcast key rotation" is something different, right?

right, the actual WEP rotation is possible with that solution and
definitely possible at server's wish anytime BUT for what concerns the
WEP keys it's always AP's own affair. i suppose there can be some APs
out there which could just rotate the keys. anyway, since the AP creates
the key, you can't be sure about its generation quality. It's a funny
approach, which the people at Cisco+MS took as they set up this. perhaps
they thought that in that way the WEP changes are transparent to the
mechanism they conceived. perhaps they didn't think much at all.

we discussed that with Raghu, there are certainly advantages and
disadvantages of doing it this way...

> > does it lose the connection (tcp e.g.) during the rekeying in your case?
> > i would suppose that it does since the AP should close the port during
> > re-auth. with AP regenerating keys you don't lose the connection, that
> > would be an advantage. however, for more security you should set a
> > session-timeout to some reasonable finite value.
> I guess i lose the connection, but what's a good way to check this for sure?

hmm? you open a tcp connection (http download) just before the
session-timeout occurs. you know when you connected, so just set the
session timeout to 1 min and try 30 seconds later to download a rather
big file. don't use download manager, just a normal ftp or netscape
download or something. if it stops after 20-40 seconds, you know what
was happening. you can even see when the session timeout occurs by
staring at the log of the running server.


Artur Hecker                                 Groupe Accès et Mobilité
hecker[at]enst[dot]fr             Département Informatique et Réseaux
+33 1 45 81 7507                46, rue Barrault 75634 Paris cedex 13
http://www.infres.enst.fr                                  ENST Paris

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
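
The download test described in the message above, as an added example that is not part of the original post: it timestamps each chunk of a plain HTTP/FTP download and reports pauses that fall near the expected session-timeout. The function names, the 2-second stall threshold, the 10-second window and the sample timings are assumptions made for illustration.

```python
import time
import urllib.request

def record_download(url, chunk=65536, timeout=60):
    """Download url and return [(seconds_since_start, total_bytes)] per read.
    A reset or socket timeout raises: the TCP connection did not survive."""
    samples, total, start = [], 0, time.monotonic()
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        while True:
            data = resp.read(chunk)
            if not data:
                break
            total += len(data)
            samples.append((time.monotonic() - start, total))
    return samples

def find_stalls(samples, min_gap=2.0):
    """Return (gap_start, gap_end) pairs where no data arrived for >= min_gap s."""
    stalls, prev = [], 0.0
    for t, _ in samples:
        if t - prev >= min_gap:
            stalls.append((prev, t))
        prev = t
    return stalls

def stalls_near(stalls, expected, window=10.0):
    """Keep only stalls overlapping expected +/- window seconds."""
    return [(a, b) for a, b in stalls
            if a <= expected + window and b >= expected - window]

def constructed_samples():
    """Constructed data: Session-Timeout of 60 s, download started 30 s after
    connecting, so re-auth is expected about 30 s into the transfer."""
    before = [(i * 0.5, i * 65536) for i in range(1, 60)]            # 0.5 .. 29.5 s
    after = [(33.0 + j * 0.5, (60 + j) * 65536) for j in range(20)]  # resumes at 33 s
    return before + after

if __name__ == "__main__":
    # Replace constructed_samples() with record_download(<your test URL>) on the
    # wireless client; an exception there means the connection was dropped.
    stalls = find_stalls(constructed_samples())
    print("stalls:", stalls)
    print("near expected re-auth at 30 s:", stalls_near(stalls, expected=30.0))
```

Compare the reported stall times with the timestamps of the session timeout in the RADIUS server log.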
