new prism (connexant)

Jim Thompson jim at netgate.com
Wed Jun 16 11:48:27 EDT 2004


On Jun 16, 2004, at 8:28 AM, Denis Vlasenko wrote:
>> So no, 802.1x isn't fatally flawed.  Its better than WEP, and
>> 802.1x/EAP-TLS is *AT LEAST* as good running
>> IPSEC over the wireless link in all but the situation where full certs
>> are deployed at each end.
>
> There are at least three working crypto tunnels for Linux which I used,
> and one of them, OpenVPN, is as strong as IPSEC and also have Windows 
> port.
> Then, ther is IPSEC itself. For the time being, I will try to stay away
> from 802.1X

Unless you deploy x509 certs at both ends, you're open to a MIM attack, 
even with IPSEC.




More information about the HostAP mailing list