Yes, this would have to be with PAP or else it would not support the needs of most who want, or are, running TTLS. Knowing how many and who they are, however, is key.

Also, do not forget about the Kerberos EAP question. I definitely think this is more of a pipe dream, but still want to present it.


Philippe Hanset wrote:
Walt, Tom,

We use SecureW2.
With all the respect I have for Tom's work,
(we couldn't have done our 802.1x project as easily without SecureW2),
I have to admit that a native client is definitely a seducing idea!
(support wise!)

BUT, let's make sure that we end up with EAP-TTLS PAP
(for all those Kerberos and LDAP back ends)
and not EAP-TTLS MSchapV2 !

If Microsoft decides to do EAP-PEAP with PAP support that would
work for me as well. But as Chris Hessing mentioned before,
PEAP is not as "clean" as TTLS (he didn't use the word clean, I forgot
how he described it. Chris, complain if you don't agree ;-)

Philippe Hanset
Univ. of TN.

-------------------------------------------------------------------------

On Fri, 9 Feb 2007, Walt Reynolds wrote:

Tom,

What I mean by native, is Microsoft implemented and supported.  While I
love the work you have done (and do use it), it is still a third party
application.  Even if it works flawlessly it is still subject to
'uncertainty' by things like MS patches as was mentioned by John
earlier.  This brings up support issues.  We cannot go to MS if a
patch breaks your supplicant and at the same time cannot expect
SecureW2 folks (not sure if others work on it besides you) to have it
back up and working within a day or so.

There is also the end user support issue.  Sometimes anything beyond
opening a web browser can create an issue.


For all others, I have only heard from a few, I really know there are
more out there that would find this useful, but without demand there is
no chance.

Tom Rixom wrote:
Hi all,

I am not sure what you mean by native, but the SecureW2 TTLS Client
has been ported successfully to Vista and will be released soon as a
BETA.

In an early experiment with SecureW2 I have also implemented the server side
of TTLS in IAS (Windows 2K). I left it alone as I figured no one would be
interested.

Regards,

Tom Rixom
SecureW2

-----Original message-----
From: Jonn Martell [mailto:[EMAIL PROTECTED]
Sent: Thursday 8 February 2007 22:05
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Desire for Windows native TTLSv0

Having TTLS support in Windows would be great. It would make so much
sense for implementers. It would be a miracle really!  I'm all for it.

Call me skeptical but I don't see it happening.  I participated in the
IEEE working groups a few years back and had the opportunity to ask
that specific question to some of the key Microsoft engineers working
on the stacks. At that time, it was an *absolute* NO - if that has
changed, great but I see no indication of Microsoft doing it. As of
December 2006, the official word from
http://www.microsoft.com/technet/network/ias/iasfaq.mspx is "Microsoft
does not plan to support Tunneled TTLS."

In my opinion, the only way it would appear in Windows is if they saw
market share loss to another desktop OS because of lack of EAP-TTLS
support. Last time I visited the local computer stores a few days ago,
I found it hard to find a laptop that had Windows XP, let alone other
types of OS - they are all Vista!

I admire our friends in Europe and their support for TTLS and cross
edu roaming with eduroam.

But having years of experience supporting clients, the last thing I
would advise an EDU client to do is support a 3rd party client on
Microsoft.  One patch can ruin your day and users would blame "your"
3rd party app.  Not that I don't trust Microsoft... In an environment
as diverse as EDUs, it's a little scary to support 3rd party apps. So
far, I've been a supporter of doing the work on the back end to
support PEAP (MS-Chapv2)

As for supporting PEAP - there is always a way to do it but it's not
always pretty :-)  I call it being a "Microsoft compatible" backend.
:-)

As for inventing and supporting other EAP types - oh goodness - no...
I think we already have a good "collection" to do almost all the
things we need to do :-)

 ... Jonn Martell, Martell Consulting, [EMAIL PROTECTED] www.martell.ca

On 2/8/07, Walt Reynolds <[EMAIL PROTECTED]> wrote:
In a conversation I had with Microsoft, it was implied that if there is
a demand for it, Microsoft would add TTLSv0 into the native Vista OS.

Since there is a lot of talk on the EAP types today, I thought I would
post my own question.  How many of you out there would like to have
TTLSv0 native within Windows?

Many out there will of course be using PEAP.  But for those out there
that don't, or can't, please let me know.

As a secondary question, who would be interested if there was some sort
of Kerberos EAP (not TTLS with PAP)?

Thanks.

--
Walt Reynolds
Principle Systems Security Development Engineer
Information Technology Central Services
University of Michigan
(734) 615-9438

**********
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.


--
Walt Reynolds
Principle Systems Security Development Engineer
Information Technology Central Services
University of Michigan
(734) 615-9438




--
Walt Reynolds
Principle Systems Security Development Engineer
Information Technology Central Services
University of Michigan
(734) 615-9438
