Taskforce Mobility Mailarchive


Subject Re: WPA problem and eduroam
From Tomasz Wolniewicz <twoln@xxxxxx>
Date Wed, 03 Dec 2008 16:11:10 +0100

Miro,
>> This is exactly where we differ and there is no telling which one of us
>> is right, except that you are the one who is running the service :).
>
> That actually is not an argument.
Wasn't actually meant as one :).

> IMHO yes, because it opens dangerous possibility that we have
> different eduroam flavours accompanied with different SSIDs. And
> ciphers are not the only point in which we can think of various
> eduroam flavours ...
You managed to convince me with this one. Indeed we do not want to get
eduroam-secure, eduroam-open, eduroam-semiopen etc. I still think that
what I have proposed is not exactly in this category, but I accept that
there is something in it.

Therefore I would suggest that we follow the path that Stefan has
suggested. I would also find it very valuable if we could take a look
at what the client issues are.

I would be interested to hear your opinion on the client solution, where
we have two profiles, say eduroam-wpa and eduroam-wpa2. User can see
that one or both networks are available. And can choose or automatically
connect to one of them. I wonder if such a solution will also raise some
argument. The SSID is still eduroam, but the client does not see the
name of the network, only the name of the profile. In a way, user's
experience is as if there were eduroam1 and eduroam2 SSIDs. The only
visible difference is that the policy does not regulate how users name
profiles on their computers, so we are not violating anything.
I have chosen eduroam-wpa and eduroam-wpa2 rather than eduroam-tkip and
eduroam-aes partially to signal the user that the one with 2 is
"better", while seeing tkip and aes he would have no clue what they are.
Also some supplicants display information that this is a WPA or WPA2
network without getting into deeper details.

Any comments?

Tomasz

-- 
Tomasz Wolniewicz    
          twoln@xxxxxx        http://www.home.umk.pl/~twoln

Uczelniane Centrum Informatyczne   Information&Communication Technology Centre
Uniwersytet Mikolaja Kopernika     Nicolaus Copernicus University,
pl. Rapackiego 1, Torun               pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750     fax: +48-56-622-1850       tel kom.: +48-693-032-576
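
The two-profile client setup proposed in this message, sketched as a wpa_supplicant.conf. This is an added example, not part of the original message; the choice of wpa_supplicant, the EAP method, the identities, the server name and the certificate path are assumptions with placeholder values.

```conf
# Constructed example: two client profiles for the single SSID "eduroam".
# The profile names live only in id_str on the client; the SSID is unchanged.
# wpa_supplicant prefers the matching network block with the higher priority.

# Profile "eduroam-wpa2": WPA2 (RSN) with AES-CCMP, tried first.
network={
    ssid="eduroam"
    id_str="eduroam-wpa2"
    key_mgmt=WPA-EAP
    proto=RSN
    pairwise=CCMP
    # Mixed-mode access points may still use TKIP as the group cipher.
    group=CCMP TKIP
    eap=PEAP
    phase2="auth=MSCHAPV2"
    identity="user@example.org"
    anonymous_identity="anonymous@example.org"
    password="CHANGE-ME"
    # Placeholder CA file and server name: validate the home RADIUS server.
    ca_cert="/etc/ssl/certs/placeholder-idp-ca.pem"
    domain_suffix_match="radius.example.org"
    priority=20
}

# Profile "eduroam-wpa": WPA with TKIP, used only where WPA2 is not offered.
network={
    ssid="eduroam"
    id_str="eduroam-wpa"
    key_mgmt=WPA-EAP
    proto=WPA
    pairwise=TKIP
    group=TKIP
    eap=PEAP
    phase2="auth=MSCHAPV2"
    identity="user@example.org"
    anonymous_identity="anonymous@example.org"
    password="CHANGE-ME"
    ca_cert="/etc/ssl/certs/placeholder-idp-ca.pem"
    domain_suffix_match="radius.example.org"
    priority=10
}
```

Both blocks carry the same server-certificate checks, so falling back to the WPA profile changes only the link cipher, not how the RADIUS server is authenticated.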