Just a quick follow-up on some of my early points, before I get 'reminded' of some omissions here... I was thinking in terms of public access and wasn't considering peap or ttls as viable solutions for roaming and/or anonymous users. If there is anyone successfully using these methods for public access, I would definitely like to hear how that is working out.

D.

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Rhodes
> Sent: Saturday, November 08, 2003 9:36 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [BAWUG] Cure for WPA's poor key choice: smart card?
>
> > I suppose smart-card based logon/authentication would
> > cure this problem, by using x509 certificate for SSL
> > mutual auth according to the protocol specified in
> > EAP/SSL. I remember reading about this from a brochure by MartSoft.
>
> Certificates would solve several problems, especially the
> rogue ap issue that still seems to persist. I'm not sure
> about the Martsoft offering, but I assume they modified it to
> work at the network layer somehow(?). I'd be curious to know
> why at least one-way tls/ssl certs were passed over in favor
> of current 802.1x/wpa combinations. Of course I can see an
> issue with pre-auth and maybe dhcp abuse if left as-is
> dependent on IP for exchange, but it shouldn't be hard to
> incorporate down a layer. But who's not using IP at this
> point? Is there anyone here on the 1x committee that can
> answer this one?
>
> Also, I can already see SSIDs turning into unique URLs
> anyway, for public use at least. Be curious if one got sued
> by T Mobile for trademark infringement if they name their
> ssid 'tmobile'. Hmmm.. If only the ssid field had room for a
> 1024bit key..
>
> Cheers,
>
> D.
>
> --
> general wireless list, a bawug thing <http://www.bawug.org/>
> [un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless

--
general wireless list, a bawug thing <http://www.bawug.org/>
[un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless
