Wireless Provisioning Service Protocol
Josh Howlett
josh.howlett at bristol.ac.uk
Thu Oct 6 22:02:11 CEST 2005
Artur Hecker wrote:
> hmmm.
>
> i am not sure if the question is to be impressed.
I admit I was being a bit flippant.
> it is simply true
> that some signaling is necessary to allow user to choose a network
> (e.g. an operator). in usual hotspots you end up with a web page which
> can present you all the information you need (e.g. prices, names,
> available services, etc.) - however without any L2 security.
>
> but in 802.1X you have to first authenticate to be able to exchange any
> signaling. this is indeed insufficient e.g. for WISPs: how do you know
> that your authentication will work in a particular network? which
> authentication protocol should you use if it does not? what will you
> pay by accessing there? which service do you get? etc. etc. etc. all
> these things become terribly complicated. in fact, i've written a paper
> on that about two years ago... using something like TTLS/PEAP provides
> a tunnel which you can use to exchange any data with the operator's
> control plane, and that prior to IP.
>
> could you be more specific?
I'll try and keep this brief, because it's a bit OT. WPS doesn't seem to
offer anything particularly novel, besides a proprietary mechanism for
configuring the Windows supplicant.
A much more sane approach, IMHO, is simple authentication-by-proxy as
implemented by several roaming consortia.
Microsoft should put more effort into fixing their terribly broken
supplicant, and stop trying to invent wheels...
josh.
More information about the Freeradius-Users
mailing list