fast auth time with EAP_TLS?
Andrea G Forte
andreaf at cs.columbia.edu
Wed Feb 8 20:31:58 CET 2006
Alan,
thank you for the response.
Because my authentication time is *so much* different than anything else
I have ever read, I am worring that perhaps even though the
authentication is successful, I am doing something wrong with some
certificate or policy that might end up compromising the security of the
system.
Probably I am not making much sense, however, if you think that this is
not a problem and this behavior looks normal to you, then it is good
enough for me.
Thanks,
Andrea
Alan DeKok wrote:
>Andrea G Forte <andreaf at cs.columbia.edu> wrote:
>
>
>>The problem is that it is taking too little time for the
>>authentication process to complete.
>>
>>
>
> Why is that a problem?
>
>
>
>> In the attached file you can see one authentication process
>>captured using kismet and then parsed with Ethereal.
>>
>>
>
> <sigh> Why is it impossible to run the server in debugging mode, and
>to read the output? That will tell you ever so much more than
>ethereal.
>
> And the packet captures you've done are on the wireless side. The
>RADIUS side is much more interesting.
>
>
>
>>As you cane see the time from Assoc. resp to the first encrypted
>>data packet is only 222 msec. About a year ago it was of the order
>>of one second (and all the literature says so). Has WPA2 improved
>>the authentication time so much?
>>
>>
>
> If the user is authenticated, why do you care? If the whole EAP
>process happens properly, why do you care?
>
> Alan DeKok.
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
More information about the Freeradius-Users
mailing list