Re: [88attendees] WPA2 Enterprise WiFi?

"Marco Davids (SIDN)" <marco.davids@sidn.nl> Fri, 08 November 2013 20:24 UTC

On 08/11/13 12:17, Warren Kumari wrote:

>> If "ietf/ietf" generates different keys for each person that uses it, I
>> guess we're good.
> 
> Ah, yes. I understand now, we have been talking past each other…
> WPA uses 802.1X EAPOL-Key packets to distribute per-session keys / there is a temporal key / hand wave hand wave. Everyone securely gets their own key...

I believe I was put on the wrong track somewhere along the line. Most
likely because of the same credentials we all use. Somehow in my mind I
drew the wrong conclusion that perhaps we were doing WPA2-PSK (in spite
of the .1x in the name), but that was obviously a stupid assumption.

Thanks, good to know we're safe ;-)

--
Marco
(and yes, I do use a VPN on top of 802.1x)
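
The distinction this thread settles on, as an added example that is not part of the original messages: with WPA2-PSK every station derives the same PMK from the passphrase and SSID, while with 802.1X each login gets its own PMK from the EAP exchange even when everyone types the same username and password. The passphrase, SSID and MAC addresses are constructed, and a random 64-byte value stands in for the MSK that a TLS-based EAP method would export (an assumption; the thread does not name the EAP method).

```python
import hashlib
import hmac
import os

LABEL = b"Pairwise key expansion"

def psk_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def eap_pmk(msk: bytes) -> bytes:
    """802.1X: PMK = first 32 bytes of the MSK exported by the EAP method."""
    return msk[:32]

def ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes,
        length: int = 48) -> bytes:
    """802.11i PRF: HMAC-SHA1(PMK, label || 0x00 || data || counter), concatenated."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    out, counter = b"", 0
    while len(out) < length:
        block = LABEL + b"\x00" + data + bytes([counter])
        out += hmac.new(pmk, block, hashlib.sha1).digest()
        counter += 1
    return out[:length]  # KCK (16) || KEK (16) || TK (16) for CCMP

def compare() -> dict:
    # Constructed addresses and nonces; these travel in the clear in the
    # 4-way handshake, so any station in range can record them.
    aa, spa = bytes.fromhex("020000000001"), bytes.fromhex("0200000000a1")
    anonce, snonce = os.urandom(32), os.urandom(32)

    # PSK: another holder of the passphrase computes the identical PMK,
    # and from the recorded handshake the identical PTK.
    station = ptk(psk_pmk("constructed-passphrase", "example-net"), aa, spa, anonce, snonce)
    other = ptk(psk_pmk("constructed-passphrase", "example-net"), aa, spa, anonce, snonce)

    # 802.1X: both users log in with the same credentials, but each EAP run
    # yields a fresh MSK (random stand-in here), so the PMKs differ.
    station_1x = ptk(eap_pmk(os.urandom(64)), aa, spa, anonce, snonce)
    other_1x = ptk(eap_pmk(os.urandom(64)), aa, spa, anonce, snonce)

    return {"psk_ptk_recoverable": station == other,
            "dot1x_ptk_recoverable": station_1x == other_1x}

if __name__ == "__main__":
    print(compare())
```
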