Configuring WDS using hostap
Michael Richardson
mcr
Fri Oct 10 15:17:55 PDT 2003
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "vda" == vda <vda at port.imtp.ilyichevsk.odessa.ua> writes:
vda> Secure solution is routed network and clients using
vda> crypted tunneling (cipe?), when 'plain' layer 3
vda> is used only for carrying tunnel traffic. This way
Don't use CIPE.
vda> it would not break when client's 'plain' IP address
vda> change, since tunnel IP address will stay the same.
See www.wavesec.org.
My opinion is that we can find a way to extend the IPsec authenticators
to cover the beacons in some way. I have some ideas, but I haven't researched
all of them yet.
Also, the authorization model proposed on wavesec.org is appropriate
for "open" conference networks - not hotspots. A variation is appropriate
to totally closed networks (i.e. "airport baggage handlers").
In addition, the keys used can be used to authenticate the DHCP process
as well, but the IETF documents are not done there. In particular, no
reference implementation is available. (I'd like to write one, but I'd
need funding to be able to devote serious time to it)
] Train travel features AC outlets with no take-off restrictions| firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr at sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian/notebook using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys - custom hacks make this fully PGP2 compat
iQCVAwUBP4cwEYqHRg3pndX9AQH/lwP/WdFRQaWfhTj9OL/xOAwvkrqxUWTOr8U9
X9UT1fWW/ShpPEFneQVBIFNdqpy89NxKfmwIGzrZdcEjxUalV1PpaCnIoeuy1D7m
qjt+N2pJsztQr21vrG7ZGGFv7oPsnan5qICak1MWQ+4qbbJZMNp/tpcFKVTG94Q6
6DlQ8iJQpyE=
=JYsm
-----END PGP SIGNATURE-----
More information about the Hostap
mailing list