hi Ian
> 1. Wi-Fi Alliance certified Access Points will very shortly be required to > be WPA-capable. yes, it's intended to include WPA in the verification process. > 2. You will be able to turn WPA on or off (at least initially). yes, plus mixed mode. > 3. When WPA is turned on, there will be two modes available: > i) Pre-Shared Key (PSK) mode for Home/Soho use with no RADIUS server. > ii) RADIUS mode with EAP. > > I can't see from the literature if being able to do *both* of these modes is > mandatory, or if there will be APs shipping with just the first one for the > SoHo market. What's your impression? well, the second comprises the first, so the real question is, will there be any hardware with SoHo only? i would say yes, since they can hardly dictate the implementation of RADIUS clients on all APs and, let's be honest, it's far too complicated for a home user... so, i think they will perhaps write something like "SoHo" under the logo or i don't know what. in the case of doubt, such hardware will be available without the WiFi logo... there is nothing to verify anyway: today, all 802.11 hardware is based above the same bunch of chipsets (3 or 4) which cooperate quite well. > Either way, it's good news for freeradius, right? If both WPA modes are on > all APs, then you will be able to point any Wi-Fi certified AP at Freeradius > and use EAP to authenticate. well, it improves the security. additionally, TKIP and all other WPA methods are implemented by some manufacturers since some time now... so, it's perhaps logical to define it and to test those one against another. i only hope, that it won't produce too much disorder (WEP/WPA/802.1X/802.11i - puhhh - you don't need to study in order to run a two nodes network, right?) for the corporate market though i think that 802.11i is still necessary. 802.11i is often seen as a too big deal but we shouldn't forget that the per packet usage of a stream cipher over unreliable media (RC4 in WEP) was probably one of the most misunderstood cryptographic proposals ever... it has to go away, sooner or later. ciao artur -- Artur Hecker artur[at]hecker.info - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
