[TriLUG] trying to understand secure wpa options
Joseph Mack NA3T
jmack at wm7d.net
Tue Jul 31 13:56:27 EDT 2007
On Tue, 31 Jul 2007, Brian McCullough wrote:
>
> Incidentally, Joe, I just ran across this article that may be of some
> interesting, apropos of RSA keys.
s/interesting/interest/
> http://www.securecomputing.com/index.cfm?skey=1750#mobilepass
ingenious.
Still I'd rather not require people to whip out another
droppable/missplaceable device just to connect - flipping a
laptop from one spot to another without doing any mechanical
nastiness is enough of a problem, when you're carrying
folders, without asking people to bring their cell phone
down from their shoulder/cheek, put their phone call on
hold, get a random number ....
I found that IPSec user key pairs are revocable, handling
the lost laptop problem, if I go the IPSec route (in the
early days there was no way to revoke a certificate - I
don't know if this is still true - I'd assumed that user key
pairs were not revocable.)
It's starting to look like the way to go is wpa/wpa2 for the
linklayer. If someone looses their laptop, we'll just have
to change the passwd in everyone's conf file (ie the user
won't need to enter a passwd for the linklayer).
Am still hacking my way through setting up radius.
Haven't got anything sensible to say about radius yet.
Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
More information about the TriLUG
mailing list