Hi,

On Mon, Nov 19, 2007 at 02:20:54PM -0800, David Newman wrote:
> There is some layer-2 stuff that happens before layer-3 handshaking
> begins -- 802.11 association and deassociation, possibly layer-2
> learning, and 802.1X authentication if that's used. IPSec will not and
> cannot secure any of this.

Is there any need to secure that? In my local WLAN, you only have two
ways of proceeding if you want internet access: a Tor router, or
IPsec. If you come in without IPsec, i.e. you cannot establish the IKE
handshake, and if you don't use the Socks proxy Tor provides, you are
trapped in a local network where no one except all of the laptops are.
Sure thing, you can communicate with another unauthenticated laptop,
but I don't care that much about this scenario, since it does not
cause me any problems.

> Wireless LANs are a technology in which sensitive data may go in the
> clear at L2 before L3 gets started. In this case L2 security mechanisms
> such as WPA are appropriate, and do not rule out the use of
> complementary mechanisms like IPSec or SSL.

What sensitive data do you see me exchange before IPsec connectivity
is established?

> Even if you don't care about authenticating or encrypting L2 data,
> there's still the issue of bandwidth and resource consumption at L2.
> 802.11 is extremely chatty. Using WPA or (if you must) WEP to keep the
> airwaves free (well, to the extent possible) can help there.

With a, that's not that much of a problem usually

                                Tonnerre
