802.1X can be quite user-friendly if you use an onboarding tool such as CloudPath XpressConnect Wizard.
802.1X was designed for large enterprise networks. The PSK was never designed to be used in this manner, hence the name WPA2-Personal. Bruce Osborne Wireless Engineer IT Infrastructure & Media Solutions (434) 592-4229 LIBERTY UNIVERSITY Training Champions for Christ since 1971 From: Joel Coehoorn [mailto:jcoeho...@york.edu] Sent: Sunday, June 21, 2015 4:48 PM Subject: Re: Wi-Fi Sense (Windows 10) I don't know. It seems like encryption and authorization are really two different things that wifi networks have historically conflated. For our network, I'd really like a better user-friendly (ie, not .1x) option that provides good encryption, but assumes you are authorized by default. Any authorization or policy enforcement should take place at a different level, so it can include wired connections, too. I haven't looked at the implementation details, but if done correctly, this has the potential to solve an issue with large PSK networks, such that I could use a Win10 machine to seed the key, without the normal weakness that anyone who knows the key can decrypt anyone else's traffic. Of course, the devil is in the details, and I found it unlikely that the key sharing mechanism will be adequately secure, or even if it is, that enough device types will support this fast enough to make it a reasonable option. ________________________________ From: Hunter Fuller<mailto:hf0...@uah.edu> Sent: 6/21/2015 3:08 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU<mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Subject: Re: [WIRELESS-LAN] Wi-Fi Sense (Windows 10) Totally unacceptable. It's like MS missed one of the main points of PSKs (as opposed to non-encrypted networks) - to keep people out. -- Hunter Fuller Network Engineer VBRH M-9B +1 256 824 5331 Office of Information Technology The University of Alabama in Huntsville Systems and Infrastructure I am part of the UAH Safe Zone LGBTQIA support network: http://www.uah.edu/student-affairs/safe-zone On Sun, Jun 21, 2015 at 9:45 AM, James Andrewartha <jandrewar...@ccgs.wa.edu.au<mailto:jandrewar...@ccgs.wa.edu.au>> wrote: > Has anyone tried out Wi-Fi Sense in Windows 10 yet? It's a feature that lets > you share PSKs with your Facebook and Skype friends, although they don't get > to see it. The only way to opt-out as a network operator is to include > "_optout" in the SSID, or use 802.1x. > > > Given you can run netsh wlan show profile name="SSID" key=clear I wonder how > it will interact with Aerohive Private PSK and Ruckus Dynamic PSK which give > each user their own individual PSKs per-device. > > > http://www.reddit.com/r/sysadmin/comments/3aam8m/because_i_really_want_my_clients_wpa_keys_shared/ > > > -- > > James Andrewartha > Network & Projects Engineer > Christ Church Grammar School > Claremont, Western Australia > Ph. (08) 9442 1757 > Mob. 0424 160 877 > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
