
List:       freeradius-users
Subject:    RE: LEAP Support
From:       "Jason Lixfeld" <jlixfeld () fastvibe ! com>
Date:       2002-09-30 17:54:54

I'm not misunderstanding you, I'm agreeing with you! :)

I was under the impression that X was going to have some of the LEAP
features built in.  I was mistaken, or misunderstood -- it's all good!
:)

My terminology sucks, so I'll use layman's terms here, but what does the
EAP-TLS module support?

Dynamic/Rotating (WEP?!) keys (Cisco TKEP (Temporal Key Exchange
Protocol)-like, or other methods?) to provide encrypted data between the
supplicant and the AP, as well as RADIUS authen/author.  I know the
EAP-TLS module for FR works to authenticate the supplicant, but I'm not
sure about the encryption and key rotation mechanisms that this module
implements (if any) and how it compares to LEAP's version.

> -----Original Message-----
> From: freeradius-users-admin@lists.cistron.nl 
> [mailto:freeradius-users-admin@lists.cistron.nl] On Behalf Of 
> Artur Hecker
> Sent: Monday, September 30, 2002 1:11 PM
> To: freeradius-users@lists.cistron.nl
> Subject: Re: LEAP Support
> 
> 
> please do not misunderstand me.
> 
> there is nothing bad about confusing the (terrible) abbreviations and 
> standard names in the communications. i just wanted to know if there is 
> one more thing that i totally missed and definitely should know about :)
> 
> i don't expect people to research everything before asking. (if we did 
> that, there would be hardly any such thing as a user news group).
> 
> Jason Lixfeld wrote:
> > Interesting.  I thought that there was a standard in the process of
> > being ratified where some of the Cisco LEAP extensions were going to be
> > built into an 802.11 security extension which I thought was X.  I didn't
> > research it, rather I took the word from the guy who told me as gospel.
> > I either misunderstood or he doesn't know what he's talking about.  I'd
> > like to think the former is more likely than the latter.
> 
> just in case you didn't know that, or for general information:
> 
> 802.1X is the standard of port based access control to the 802 networks. 
> i.e. basically you have an access device which blocks all link layer 
> frames except if they carry an EAP message in them. so, the protocol 
> also describes how to carry EAP (which is originally designed to be 
> carried in the PPP messages, just like CHAP or PAP) directly in the 802 
> frames. they call it EAPoL (over LAN) or EAPoW (over Wireless).
> 
> so, the access device (e.g. an access point, AP) accepts the EAP frames 
> and, depending on their information it acts in some way. IEEE 
> explicitly states that an AP could directly respond to those messages 
> according to the carried type etc. but they suggest of course to use 
> some centralized architecture. notably they explicitly describe the 
> usage with RADIUS. and so, most APs accept EAP on one side and 
> translate it into RADIUS at the other and vice versa.
> 
> now EAP itself can carry whichever information. the EAP-methods on 
> both sides of the connections take the appropriate actions and the AP 
> (if it is not the method carrier itself) is finally informed by the 
> RADIUS-access accept message. if it gets this message, it opens the 
> controlled port completely, thus accepting whichever arriving frames. 
> otherwise the port remains in the controlled state, i.e. only EAP 
> messages are treated.
> 
> LEAP could be probably seen as a special EAP type. but i think there are 
> some more differences in it, notably because the APs AND the Server are 
> concerned at the same time. that would never be the case in 802.1X.
> 
> 
> ciao
> artur
> 
> 
> 
> -- 
> Artur Hecker				     Groupe Accès et Mobilité
> hecker[at]enst[dot]fr		  Département Informatique et Réseaux
> +33 1 45 81 7507		46, rue Barrault 75634 Paris cedex 13
> http://www.infres.enst.fr				   ENST Paris
> 
> 
> - 
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
> 
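The port-gating behaviour described in the quoted explanation of 802.1X, as an added example that is not part of the original messages and is not FreeRADIUS or access point code. It parses Ethernet frames, lets only EAPOL (EtherType 0x888E) through while the port is unauthorized, and opens the port on a RADIUS Access-Accept. The class, function and action-string names and all sample frames are constructed for illustration.

```python
import struct

ETH_P_EAPOL = 0x888E                       # EtherType for EAP over LAN (802.1X)
EAPOL_TYPES = {0: "EAP-Packet", 1: "Start", 2: "Logoff", 3: "Key"}
RADIUS_ACCESS_ACCEPT, RADIUS_ACCESS_REJECT = 2, 3   # RADIUS packet codes

def parse_eapol(frame: bytes):
    """Return (type_name, body) for an EAPOL frame, None for other traffic."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != ETH_P_EAPOL:
        return None
    if len(frame) < 18:                    # 14-byte Ethernet + 4-byte EAPOL header
        raise ValueError("truncated EAPOL header")
    _version, ptype, length = struct.unpack("!BBH", frame[14:18])
    body = frame[18:18 + length]           # ignores Ethernet padding after the body
    if len(body) != length or ptype not in EAPOL_TYPES:
        raise ValueError("malformed EAPOL frame")
    return EAPOL_TYPES[ptype], body

class ControlledPort:
    """Simplified authenticator port (hypothetical model, not a full PAE)."""
    def __init__(self):
        self.authorized = False

    def on_frame(self, frame: bytes) -> str:
        try:
            eapol = parse_eapol(frame)
        except ValueError:
            return "drop"                  # malformed EAPOL never passes
        if eapol is None:                  # ordinary traffic: gated by port state
            return "forward" if self.authorized else "drop"
        kind, _body = eapol
        if kind == "Logoff":
            self.authorized = False        # supplicant ended the session
        return "relay-to-radius" if kind == "EAP-Packet" else "handle-locally"

    def on_radius_reply(self, code: int) -> None:
        # Accept opens the port, Reject closes it; other codes leave it unchanged.
        if code in (RADIUS_ACCESS_ACCEPT, RADIUS_ACCESS_REJECT):
            self.authorized = code == RADIUS_ACCESS_ACCEPT

def eth(ethertype: int, payload: bytes) -> bytes:
    """Constructed sample frame: PAE group destination, dummy source MAC."""
    return b"\x01\x80\xc2\x00\x00\x03" + b"\x02" * 6 + struct.pack("!H", ethertype) + payload

# Constructed samples: EAP-Response/Identity "bob" in EAPOL, a Logoff, an IPv4 frame.
EAP_IDENTITY = struct.pack("!BBHB", 2, 1, 8, 1) + b"bob"
EAPOL_FRAME = eth(ETH_P_EAPOL, struct.pack("!BBH", 1, 0, len(EAP_IDENTITY)) + EAP_IDENTITY)
LOGOFF_FRAME = eth(ETH_P_EAPOL, struct.pack("!BBH", 1, 2, 0))
IPV4_FRAME = eth(0x0800, b"\x45" + b"\x00" * 19)
```
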



