[TriLUG] trying to understand secure wpa options
Joseph Mack NA3T
jmack at wm7d.net
Tue Jul 31 13:56:27 EDT 2007
On Tue, 31 Jul 2007, Brian McCullough wrote:
> Incidentally, Joe, I just ran across this article that may be of some
> interesting, apropos of RSA keys.
Still I'd rather not require people to whip out another
droppable/missplaceable device just to connect - flipping a
laptop from one spot to another without doing any mechanical
nastiness is enough of a problem, when you're carrying
folders, without asking people to bring their cell phone
down from their shoulder/cheek, put their phone call on
hold, get a random number ....
I found that IPSec user key pairs are revocable, handling
the lost laptop problem, if I go the IPSec route (in the
early days there was no way to revoke a certificate - I
don't know if this is still true - I'd assumed that user key
pairs were not revocable.)
It's starting to look like the way to go is wpa/wpa2 for the
linklayer. If someone looses their laptop, we'll just have
to change the passwd in everyone's conf file (ie the user
won't need to enter a passwd for the linklayer).
Am still hacking my way through setting up radius.
Haven't got anything sensible to say about radius yet.
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
More information about the TriLUG