offtopic: Getting time of ap before EAP-TLS ...

Jouni Malinen j
Sat Apr 21 14:23:06 PDT 2007


On Sat, Apr 21, 2007 at 04:55:11PM -0300, Beat Meier wrote:

> I have a ntp server runnin on my ap with hostapd.
> I have a client which has no availability to store the time because it 
> has no battery so
> every poweroff/poweron cycle the time is lost :-(
> 
> So it is impossible to use EAP-TLS with certificates because the 
> certificate is not yet valid
> if client is started...

> My idead is to connect to th ap which ever to get the time but not to 
> allow network traffic "over" the ap
> only to get the time and after that wpa_supplicant should initialize an 
> EAP-TLS connection...

It might be easier and more secure to ignore the certificate validity
issues during the EAP-TLS authentication and then validate the time
ranges after successfully completeted authentication and NTP time sync.
Ideally, the client would block any other traffic apart from packets
related to NTP before having verified that the certificates were indeed
valid at the time of authentication.

-- 
Jouni Malinen                                            PGP id EFC895FA




More information about the Hostap mailing list