Wireless Provisioning Service Protocol

Josh Howlett josh.howlett at bristol.ac.uk
Thu Oct 6 22:02:11 CEST 2005

Artur Hecker wrote:
> hmmm.
> i am not sure if the question is to be impressed.

I admit I was being a bit flippant.

> it is simply true  
> that some signaling is necessary to allow user to choose a network  
> (e.g. an operator). in usual hotspots you end up with a web page  which 
> can present you all the information you need (e.g. prices,  names, 
> available services, etc.) - however without any L2 security.
> but in 802.1X you have to first authenticate to be able to exchange  any 
> signaling. this is indeed insufficient e.g. for WISPs: how do you  know 
> that your authentication will work in a particular network?  which 
> authentication protocol should you use if it does not? what  will you 
> pay by accessing there? which service do you get? etc. etc.  etc. all 
> these things become terribly complicated. in fact, i've  written a paper 
> on that about two years ago... using something like  TTLS/PEAP provides 
> a tunnel which you can use to exchange any data  with the operator's 
> control plane, and that prior to IP.
> could you be more specific?

I'll try and keep this brief, because it's a bit OT. WPS doesn't seem to 
offer anything particularly novel, besides a proprietary mechanism for 
configuring the Windows supplicant.

A much more sane approach, IMHO, is simple authentication-by-proxy as 
implemented by several roaming consortia.

Microsoft should put more effort into fixing their terribly broken 
supplicant, and stop trying to invent wheels...


More information about the Freeradius-Users mailing list