From: Jim Warner <warner@ca...> - 2001-05-21 00:35:21
Matt Peterson <matt@...> said:
>I'm trying to grasp the whole EAP & 802.1x concepts (it's difficult to
>make sense of current marketing fluff and limited IEEE docs I can get
>ahold of), I'd appreciate any real world experience on the subject.
I have seen drafts of 802.1x. The home turf for this work was
"...environments include corporate LANs that provide LAN connectivity
in areas of a building that are accessible to the general public,
and LANs that are deployed by one organization in order to offer
connectivity services to other organizations (for example, as might
occur in a business park or a serviced office building)."
and in the second paragraph of the intro, it says:
"...Examples of ports where the use of authentication can be desirable
include the Ports of MAC Bridges (as specified in IEEE 802.1D), the
ports used to attach servers or routers to the LAN infrastructure, and
associations between stations and access points in IEEE 802.11 Wireless LANs."
So far so good. Note that Hewlett Packard is promising 802.1X support
in their wired LAN switches in a software revision later this year.
802.1X isn't just for wireless.
The standard makes provision for the exchange of keys between the
AP and client, but a note on page 35 of the November 29 draft says
that 802.1X does not specify what is in the keys. "The decision
as to which key values are transmitted is made externally to
the operation of the Authenticator and Supplicant and their
associated state machines."
My conclusion is that if interoperability is to extend to LANs
with WEP session keys, some additional standardization beyond
802.1X is going to be required. Remember that my comments are based
on a draft. Someone else on the list may have more current info.
Hope that helps.
On Sun, May 20, 2001 at 05:35:13PM -0700, Jim Warner wrote:
> So far so good. Note that Hewlett Packard is promising 802.1X support
> in their wired LAN switches in a software revision later this year.
> 802.1X isn't just for wireless.
More accurately, 802.1x has a hack to support wireless which was added
very late in the game. It was not intended to support wireless until
quite recently. It's designed to solve a similar set of problems, but
in a highly dissimilar environment. The wireless extensions look and
feel like a hack to me.
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4