new prism (connexant)
jim at netgate.com
Wed Jun 16 11:48:27 EDT 2004
On Jun 16, 2004, at 8:28 AM, Denis Vlasenko wrote:
>> So no, 802.1x isn't fatally flawed. Its better than WEP, and
>> 802.1x/EAP-TLS is *AT LEAST* as good running
>> IPSEC over the wireless link in all but the situation where full certs
>> are deployed at each end.
> There are at least three working crypto tunnels for Linux which I used,
> and one of them, OpenVPN, is as strong as IPSEC and also have Windows
> Then, ther is IPSEC itself. For the time being, I will try to stay away
> from 802.1X
Unless you deploy x509 certs at both ends, you're open to a MIM attack,
even with IPSEC.
More information about the HostAP