[tech] Secure wireless

Patrick Coleman blinken at gmail.com
Mon Apr 12 23:43:37 WST 2010


On Mon, Apr 12, 2010 at 6:44 PM, David Adam <zanchey at ucc.gu.uwa.edu.au> wrote:
>
> [MRD] suggested that the certificate confirmation prompt might be from the
> hostname of the RADIUS server (currently mussel) not matching the name on
> the cert (secure.ucc). I'm not sure about this; my understanding of the
> WPA2 protocol doesn't extend to how the client knows what authentication
> server is being used. Next time I'm in the clubroom, hopefully with a more
> useful device than the iPhone, I might try changing that around.

From my (limited) knowledge, the TLS tunnel is established back to the
RADIUS server, so it's likely. FreeRADIUS is pretty verbose in debug
mode, perhaps it'll tell you? (PEAP/MS-CHAPv2 is MS-CHAPv2 inside EAP
inside TLS inside EAP inside RADIUS, proving that when one standard
isn't secure enough you should add another four layers).

> In any case, apparently[1] a stock SSL certificate will not work on
> Windows XP without a specific extension. If someone with a Windows
> wireless client could test it out and let me know I would appreciate it,
> although I'll try and bring my laptop in.

Whoever does this, make sure you're running SP3 or I promise you will
actually go insane.

-Patrick

-- 
http://www.labyrinthdata.net.au - WA Backup, Web and VPS Hosting

