> Certificates would solve several problems,...

Certificates are used as part of WPA using EAP based authentication. EAP-TLS uses client-side certificates.
and .. on WPA's poor key choice ... you just need to make sure you pick good keys or use WPA with EAP.

Paul

________________________________

From: [EMAIL PROTECTED] on behalf of David Rhodes
Sent: Sat 11/8/2003 9:35 PM
To: [EMAIL PROTECTED]
Subject: RE: [BAWUG] Cure for WPA's poor key choice: smart card?

> I suppose smart-card based logon/authentication would
> cure this problem, by using x509 certificate for SSL
> mutual auth according to the protocol specified in
> EAP/SSL. I remember reading about this from a brochure
> by MartSoft.

Certificates would solve several problems, especially the rogue ap issue that still seems to persist. I'm not sure about the Martsoft offering, but I assume they modified it to work at the network layer somehow(?).

I'd be curious to know why at least one-way tls/ssl certs were passed over in favor of current 802.1x/wpa combinations. Of course I can see an issue with pre-auth and maybe dhcp abuse if left as-is dependent on IP for exchange, but it shouldn't be hard to incorporate down a layer. But who's not using IP at this point? Is there anyone here on the 1x committee that can answer this one?

Also, I can already see SSIDs turning into unique URLs anyway, for public use at least. Be curious if one got sued by T Mobile for trademark infringement if they name their ssid 'tmobile'. Hmmm.. If only the ssid field had room for a 1024-bit key..

Cheers,
D.

--
general wireless list, a bawug thing <http://www.bawug.org/>
[un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless
