Info on 802.1x
Jacques Caron
Jacques.Caron
Sat Oct 26 10:09:51 PDT 2002
Hi,
802.1X is an IEEE standard for port based access control for all 802 media.
Its purpose is to provide authentication services (using EAP, the
Extensible Authentication Protocol) before letting packets go through the
port (or association in the case of 802.11). 802.1X is mostly just an
encapsulation of EAP over 802 media (EAPOL, EAP over LAN), really, but it
also adds key distribution features.
802.1X is particularly useful for 802.11 networks, as it provides a key
management system, allowing for dynamic keys (in most cases per-session
keys), and authentication of users, but it can also be useful for wired media.
802.1X is not "a fix for WEP", it adds some of the features that are needed
to make WEP really practical (the key management system). However, since
you can change keys frequently when using 802.1X, you can make sure that a
key is never used long enough that anyone could capture enough packets to
find the key, and even if they found the key, it wouldn't be usable for a
long time. But that's really just a workaround, not a real fix.
You can find some info about 802.1X on www.open1x.org, and a lot more on
Bernard Aboba's excellent 802.11 security page at www.drizzle.com/~aboba/IEEE/
Note however that the full interaction between 802.1X and 802.11 is still
in flux, as 802.11's Task Group i (Enhanced Security) is working on that
(that includes new Key descriptor messages, new encryption based on AES,
the removal of the 802.11 authentication, TKIP, and a lot more...).
Hope that helps,
Jacques.
At 00:22 26/10/2002, Brad Colbert wrote:
>Hi folks,
>
>Where can I go and find out information on 802.1x? I'm assuming it's a
>fix to the WEP problem but haven't read much about it. Also, am I
>correct in understanding that HostAP supports this now?
>
>Thanks,
>Brad
>
>
>_______________________________________________
>HostAP mailing list
>HostAP at shmoo.com
>http://lists.shmoo.com/mailman/listinfo/hostap
-- Jacques Caron, IP Sector Technologies
Join the discussion on public WLAN open global roaming:
http://lists.ipsector.com/listinfo/openroaming
More information about the Hostap
mailing list