
dynamic keying via 802.1X on IETF wireless

2004-08-04 08:51:37
Folks,

We are experimenting with dynamic keying via 802.1X on the
IETF wireless network.  You are invited to try this service if you
wish. However, this isn't production so please do not ask for
assistance from the terminal room help desk staff.  Help
is available from the following (depending on schedule):

   Chris Hessing, Chris(_dot_)Hessing(_at_)utah(_dot_)edu
   Chris Elliott, chelliot(_at_)cisco(_dot_)com

Regards,
Karen

Anonymous 802.1X at IETF 60
===========================
Chris Hessing, University of Utah/Open1x Project

On the IETF 60 wireless network we are providing a separate SSID and VLAN that
does anonymous 802.1X authentication with support for dynamic WEP. The advantage
of using this is your wireless connection will be encrypted using per-user,
per-session keys. In addition, if you choose to check the certificate provided
by the network infrastructure during the authentication phase, you will also
receive some assurance that you are connecting to the IETF 60 network and not
some other network.

If you would like to make use of the 802.1X wireless network, you will need to
use the non-broadcast ESSID of “ietf60-1x”.

You will also need an 802.1X supplicant that has support for TTLS-PAP.  Windows
XP/2000 users can download a plug-in to the native 802.1X client at
http://www.secureW2.com.  Mac OS X users that are running OS 10.3+ already have
support included in the OS.  Directions are provided below. Linux users
can download Xsupplicant from http://www.open1x.org.

Your supplicant will receive a server certificate that is a test certificate.
You can choose to configure your supplicant to accept this certificate the first
time it is provided and check it thereafter, allowing your supplicant to verify
that you are connecting to the IETF network infrastructure, or you can choose to
not validate the server certificate.

The username and password that you use don't matter, as long as you fill
something in for both. If you have an option to fill in a domain please leave it
blank.

Note that the encryption type supported at this time is dynamic WEP. We are
not currently supporting WPA/TKIP.

We are currently working on supporting other EAP authentication types, including PEAP-GTC.

Mac Users
=========
1. Open Internet Connect
2. Under File "New 802.1X connect"
   a. edit config
      name - whatever you want
      username - whatever you want
      password - whatever you want
      wireless network - ietf60-1x
      authentication - only select TTLS
         configure TTLS
         TTLS Inner Authentication - PAP
         no outer id
      connect
3. Self signed cert - accept.


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
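
The settings described in the message above (non-broadcast SSID, TTLS with inner PAP, dynamic WEP, and optional checking of the server certificate), written as a wpa_supplicant network block. This is an added example, not part of the original message: the message names Xsupplicant for Linux, so the use of wpa_supplicant is an assumption, and the certificate path, identity and password are placeholders.

```conf
# /etc/wpa_supplicant.conf (example; not from the original announcement)
network={
    # Non-broadcast ESSID, so probe for it explicitly.
    ssid="ietf60-1x"
    scan_ssid=1

    # 802.1X with dynamically generated WEP keys (no WPA/TKIP).
    key_mgmt=IEEE8021X
    # Require both the per-session unicast key and the broadcast key.
    eapol_flags=3

    # Outer method TTLS, inner method PAP.
    eap=TTLS
    phase2="auth=PAP"

    # Any non-empty username and password are accepted; no domain.
    identity="anyuser"
    password="anypassword"

    # Placeholder path: the test server certificate saved on first
    # connection. With this line set, later connections fail if a
    # different certificate is presented. Removing the line disables
    # server validation, and with it the assurance that the access
    # point belongs to the IETF 60 network.
    ca_cert="/etc/wpa_supplicant/ietf60-test-cert.pem"
}
```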

