Thanks for shooting that down - I did wonder about the "802.1x compatible NIC" bit, but I just don't know enough about this stuff :(
Message: 7 Date: Fri, 31 Jan 2003 16:29:34 -0500 (EST) From: Kevin Arima <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Re: [nycwireless] RE: nycwireless digest, Vol 1 #701 - 1 msg On Fri, 31 Jan 2003, Peter Frishauf wrote: > Interesting article from Pen Computing..... > Quick synopsis: He doesn't know WTF he's talking about. > Is your PDA with integrated WiFi already obsolete? > by Jonathan A. Zdziarski > > In 2001, IEEE began development of a protocol called 802.1x. 802.1x runs on > top of 802.11 and provides port-based authentication services to existing > wireless networks allowing for secure password authentication, dynamic WEP > keys, even VPN capabilities. 802.1x uses a protocol called 'EAP' short for > Enhanced Authentication Protocol. As of December 2002, many corporations > (including Microsoft) and colleges (including MIT and Georgia College & > State University) have implemented the 802.1x protocol on top of their > existing 802.11 wireless infrastructure to secure their wireless networks. > VPN capabilities has nothing to do with 802.1x. 802.1x provides authentication. What the AP or anything else does after being authenticated has nothing to do with each other. > You might think, "Great, wireless is finally getting more secure!" The catch > is that 802.1x isn't merely a software protocol. In order to log onto a > wireless network using 802.1x, you must have an 802.1x compatible wireless > card, a feature that we haven't found on any of this year's WiFi PDAs. While > PCMCIA cards for laptops supporting 802.1x are in no short supply, 802.1x > won't make its way into the PDA world until January 2003, when two software > manufacturers (Funk Software and Meetinghouse Data Communications) release > their versions of 802.1x clients for PocketPC to complement the new 802.1x > compatible CF (Compact Flash) cards to hit the market. This is all scheduled > around Microsoft's latest release of the PocketPC operating system designed > to include 802.1x support. Nevertheless, PDA manufacturers continue to > produce PDAs with integrated WiFi knowing full well that by this time next > year, owners of these PDAs will not be able to log onto most corporate or > college wireless networks. > You have to have a 802.1x compatible NIC? LOL. That's a load of FUD if I ever heard one. Now, if he said that WPA/TKIP isn't going to be compatbile with the current WEP cards, that I could believe. > While raw 802.11b wireless will still be the affordable standard for home > networks, there is little doubt that 802.1x's secure authentication features > will be implemented just about everywhere else. Having been developed by > IEEE, the same organization that created the 802.11b standard, the protocol > has already been widely accepted by the engineering community. Companies > such as Cisco and 3Com have already embraced 802.1x and designed new routers > and networking hardware to depend on it. Microsoft's Windows XP Operating > System utilizes 802.1x to provide 'Network Login' capabilities on secure > infrastructures. 802.1x has already worked its way into many corporation and > campus settings and is continuing to grow to be just as popular as 802.11 > itself. > I'm in the middle of discussing 802.1x with a guy who's in the commitee for 802.1aa. 802.1aa "fixes" many issues within 802.1x, and if you are using WPA, it apparently uses 802.1aa draft specs right now. > Unfortunately due to the name IEEE has given this protocol, which in my > opinion was a big mistake, many people misunderstand the term 802.1x > thinking that the 'x' is a wildcard for any 802.11b compatible card. > Manufacturers naturally aren't going to highlight their lack of 802.1x > support, as their job is to push PDAs. This has left the consumer with > virtually no knowledge of the importance of 802.1x support. > I'm sure he doesn't like 802.3u, or 802.3ab either. Too confusing. As I said before, 802.1x has NOTHING to do with 802.11. It just so happens to be a (somewhat) decent authentication method to securely provide a dynamic session key, as long as you can properly deal with the PKI (which I apparently can't)... > Jonathan A. Zdziarski is president of Atlanta-based Network Dweebs > Corporation that provides real-time messaging solutions, open-source tools, > and professional software design services. His company is also working on a > freeware OpenNAP (napster) client for Pocket PC (see screenshots of > OpenNAPCE) and other corporate Pocket PC software tools. > Ahhh, a president. No wonder it's full of FUD and misinformation... Remember boys and girls, the higher up in title you go, the less you know. Kevin "Starfox" Arima (World Dictator in training) -- NYCwireless - http://www.nycwireless.net/ Un/Subscribe: http://lists.nycwireless.net/mailman/listinfo/nycwireless/ Archives: http://lists.nycwireless.net/pipermail/nycwireless/
