Hi Artur,
A much more sane approach, IMHO, is simple authentication-by-proxy as
implemented by several roaming consortia.
are we still talking about L2 security? if yes, can you provide some
references on this? i don't know anything about it.
I mean EAP over RADIUS within a roaming consortium. A good example of
one, which I'm involved in, is eduroam (www.eduroam.org).
Most of the effort in WPS is expended in provisioning configuration
stuff (SSID names, etc). But it's reasonably trivial for a roaming
consortium to agree on these without requiring a protocol like WPS.
Microsoft should put more effort into fixing their terribly broken
supplicant, and stop trying to invent wheels...
that's where we almost agree :-) MS really could and should improve
their supplicant a lot, both in terms of correctness and in terms of
usability. it's still a pain in the ass to use. the supported EAP
methods are scarce. the API has changed several times since XP and the
newest one is difficult to decipher... (greetings to Tom).
however, i do expect from somebody as big as microsoft to do research,
to invent stuff and to specify new things. btw, that's what the
community was always critisizing MS before. they did hire some of the
best scientists (look at their R&D stuff), so why shouldn't they invent
new things now?
It would be nice if this stuff ended up in their products, and worked!
josh.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html