Re: WPA problem and eduroam

[Tomasz Wolniewicz <twoln@xxxxxx>]

Fighting everyone is a tough task :).

A.L.M.Buxey@xxxxxxxxxxx wrote:
> to this end I'd suggest that the TKIP issue be looked at to work
> at ways in which the affect can be reduced - eg best practice
> for key rotation times etc - and then , perhaps, the technical
>   
Key rotation means, in practice, reauthentication. In eduroam
reauthentication takes over 1s.
I did not test what it does to the connection, but I would suspect that
one will observe a break.
> to do AES, Windows boxes needing hotfixes or SP3 before AES
> is an option in the supplicant...easy to install 3rd party supplicant
> packages that provide 'eduroam for the laptop' out of the box etc.
>   
Windows laptop - fine, but what about mobile phones, MP3 players with
WiFi and whatever comes next?
If eduroam is to be a nice service it cannot rely on a single
supplicant. OpenSEA project just about shows how hard it is to create one.

Of course we can wait and hope that vendors will fix their supplicants
to work with both AES and TKIP giving preference to AES. My Nokia phone
already does that (but breaks down when dynamic WEP is also used!),
perhaps Windows can do this as well in future. OpenSEA should be able to
handle that.


Tomasz

-- 
Tomasz Wolniewicz    
          twoln@xxxxxx        http://www.home.umk.pl/~twoln

Uczelniane Centrum Informatyczne   Information&Communication Technology Centre
Uniwersytet Mikolaja Kopernika     Nicolaus Copernicus University,
pl. Rapackiego 1, Torun               pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750     fax: +48-56-622-1850       tel kom.: +48-693-032-576