RE: WPA problem and eduroam

["Josh Howlett" <Josh.Howlett@xxxxxx>]

> >> The recent breakage of the TKIP encyption algorithm suggests to 
> >> transition to an AES infrastructure in the short to 
> mid-term future.
> >
> > Why?
> >
> > I'm struggling to understand what the percieved problems are!

<snip>

> The immediate impact is still limited (but far 
> from non-existent)

So I think it is reasonable to say that our reaction needs to be
proportionate to the limited impact.

> but in the long run, it is imaginable 
> that more exploits show up. In order to be prepared for that, 
> I do think it makes sense to offer a migration path away from 
> TKIP to institutions. Due to the lack of alternatives, the 
> only target of such a migration path is AES.
> 
> Does that sound sensible to you?

Yes, it's fine in my opinion. I suggest adding it to the advisory. We
need to be that the response is proportionate; we don't want
Institutions to panic and pull their eduroam services! We don't need
perfect security, it only needs to be Good Enough.

josh.

JANET(UK) is a trading name of The JNT Association, a company limited
by guarantee which is registered in England under No. 2881024 
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Science and Innovation Campus, Didcot, Oxfordshire. OX11 0SG