Optional WPA and RSN

Pawel Foremski pjf
Thu Apr 21 10:28:04 PDT 2005


Since it's my first post on this list, I'd like to thank Jouni very much for 
his outstanding work (hope the hostap project gives him a lot of fun and 
satisfaction :D).

The problem I'm trying to solve is wireless LAN in conference rooms - nothing 
tough, I know, but I want it to be quite secure and compatible with current 
standards - reason is obvious - Windows clients.

I have drafts of two possible solutions in my mind now - one is "purely 
802.11" and the second needs extra software and encryption in higher layers.

The first - 802.11 solution - should work as follows:
- clients connect without any encryption
- instead of first web page they get Chillispot authentication screen (UAM)
  and info about possible encryption - WPA or RSN (for example with 
  authentication via PEAP)
- now they can reconfigure their systems, enable WPA2 and reconnect to AP once 
  more, this time securely, or log in via Chillispot
- rest is done by DHCP etc.

BTW, the second solution would probably use PPTP or OpenVPN, but as they all 
require more "clicks" by the end user and are some kinds of "work-arounds", I 
would prefer the first method.

And here is my question: would it need a lot of work (possibly hacking 
hostapd/drivers) to make hostapd allow both no security at all and RSN (or at 
least old WPA) at the same time on one access point?


Pawel Foremski
pjf at asn.pl
