Thanks Casper.
You're using OpenBSD and FreeBSD's wireless drivers, correct? I
believe OpenBSD's wireless drivers were lacking those specific
features just a few months ago. (Specifically wpa2 w/ tls)
- support in each and every wireless driver
Not so easy to do, limitations of hardware will still make some users
mad.
I believe Atheros and Intel will be the first to have support for any
of the cutting edge features, they support all of the standards, and
they are the most popular.
- support in a common kernel module
Must be done sooner or later, a common code base which provides
translation of radio modes, encryption, and association routines would
improve on-going maintainence.
- some additional porting required for wpa_supplicant
I'm not so sure about this, which specific functionality are you
talking about, certificates?
James
On Nov 26, 2007, at 2:07 AM, Casper.Dik at Sun.COM wrote:
>
>> Radius w/ TTLS WPA2 is a niche, believe me or not,
>> outside of universities, only one paranoid person I know actually
>> uses
>> it, so maybe you should be aware of the core guidelines OpenSolaris
>> has to follow and the tasks at hand to make it even semi-usable for
>> non-enthusiasts.
>
> Yes, but it seems that the code we base our wpa_supplicant on does
> support the features listed below in the README.
>
> So I am wondering what is needed in (Open)Solaris to support
> the remainder of these?
>
> Is it:
> - support in each and every wireless driver?
> - support in a common kernel module?
> - some additional porting required for wpa_supplicant?
>
> or a combination of the three?
>
> Features
> --------
>
> Supported WPA/IEEE 802.11i features:
> - WPA-PSK ("WPA-Personal")
> - WPA with EAP (e.g., with RADIUS authentication server) ("WPA-
> Enterprise")
> Following authentication methods are supported with an integrate
> IEEE 802.1X
> Supplicant:
> * EAP-TLS
> * EAP-PEAP/MSCHAPv2 (both PEAPv0 and PEAPv1)
> * EAP-PEAP/TLS (both PEAPv0 and PEAPv1)
> * EAP-PEAP/GTC (both PEAPv0 and PEAPv1)
> * EAP-PEAP/OTP (both PEAPv0 and PEAPv1)
> * EAP-PEAP/MD5-Challenge (both PEAPv0 and PEAPv1)
> * EAP-TTLS/EAP-MD5-Challenge
> * EAP-TTLS/EAP-GTC
> * EAP-TTLS/EAP-OTP
> * EAP-TTLS/EAP-MSCHAPv2
> * EAP-TTLS/EAP-TLS
> * EAP-TTLS/MSCHAPv2
> * EAP-TTLS/MSCHAP
> * EAP-TTLS/PAP
> * EAP-TTLS/CHAP
> * EAP-SIM
> * LEAP (note: only with WEP keys, i.e., not for WPA; in addition,
> LEAP
> requires special support from the driver for IEEE 802.11
> authentication)
> (following methods are supported, but since they do not generate
> keying
> material, they cannot be used with WPA or IEEE 802.1X WEP keying)
> * EAP-MD5-Challenge
> * EAP-MSCHAPv2
> * EAP-GTC
> * EAP-OTP
> Alternatively, an external program, e.g., Xsupplicant, can be used
> for EAP
> authentication.
> - key management for CCMP, TKIP, WEP104, WEP40
> - RSN/WPA2 (IEEE 802.11i)
> * pre-authentication
> * PMKSA caching
>
>
>
> Casper
