[CWN-Summit] Open 1X Project Info:

Sascha Meinrath sascha at ucimc.org
Wed Sep 29 08:42:33 CDT 2004


This is a really interesting interview with two of the folks who are 
working on the Open 1X Project (an open source project working on wireless 
networking security).  The system uses dynamic keying (rather than VPN 
like the UofI) so it doesn't require client software.

In a nutshell:

"We use TTLS, with PAP as the inner authentication method. As a security 
measure, our user accounts are stored in Kerberos, which encrypts user 
passwords on the server. Kerberos allows you to give it a user name and 
unencrypted password for validation, but it does not store the password in 
a way that the unencrypted form can be recovered. We needed an EAP method 
that worked with a user name and an unencrypted password. Kerberos can validate 
a password, but it doesn't work with challenge/response systems like PEAP. 
[Interviewer's note: PEAP actually can work with an unencrypted 
authentication string, by using EAP-GTC as the inner method. However, 
PEAP/EAP-GTC is not widely supported by clients, and it is not implemented 
by the supplicant built in to Windows.]"

There's a fairly accessible white-paper explaining their system here: 
http://wireless.utah.edu/global/support/radius_mesh/RADIUS_Mesh_Long.pdf

For the BSD folks in the crowd, "We're spending most of our time writing 
code to implement WPA and 802.11i. The BSD frame handler is also on the 
short list, but we are spending more time on WPA and 802.11i. If somebody 
were to write the BSD frame handler, we would be more than happy to take 
it, though."

--Sascha

-- 
Sascha Meinrath
Project Manager & Pres.   *   Project Coordinator   *   Policy Analyst
Acorn Worker Collective  ***  CU Wireless Network  ***  Free Press
www.acorncollective.com   *   www.cuwireless.net    *   www.freepress.net

Subject: Open-Source 802.1X Deployment, Future

By Glenn Fleishman
Special to Wi-Fi Networking News
Permanently archived at <http://wifinetnews.com/archives/004168.html>

[1] Matthew Gast interviews two of the principals of the open-source 
802.1X project called Open1X: Matthew is involved in testing 802.1X 
systems (supplicants and servers); he's the author of O'Reilly's [2] 
802.11 Wireless Networks. He interviews Chris Hessing and Terry Simons 
about their use of 802.1X at the University of Utah--fascinating in 
itself--and their broader goals of bringing more interoperability and 
sophistication to 802.1X implementations. Open1X was started because they 
needed a client that worked across many platforms; now some platforms have 
limited 802.1X clients built in, but the need for a robust open-source 
supplicant is still quite high.

URLs referenced:
[1] <http://www.macdevcenter.com/pub/a/mac/2004/09/21/open1x.html>
[2] <http://isbn.nu/0596001835>
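
The reasoning in the quoted interview passage (a store that can validate a password but not recover it works with PAP inside the TTLS tunnel, but not with challenge/response), as an added Python example that is not part of the original message or the Open1X project's code. It assumes a salted PBKDF2 digest as a stand-in for the one-way store and RFC 1994 CHAP as a stand-in for a challenge/response inner method; the function names and the sample password are constructed.

```python
import hashlib
import hmac
import os

def enroll(password):
    # Stand-in (assumption) for a one-way store: salted PBKDF2 digest only,
    # so the cleartext password cannot be recovered from the record.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return {"salt": salt, "digest": digest}

def verify_pap(record, password):
    # PAP inner method: the cleartext password arrives (inside the TLS tunnel
    # when used with TTLS), so the server re-derives the digest and compares.
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], 100_000)
    return hmac.compare_digest(candidate, record["digest"])

def chap_response(identifier, secret, challenge):
    # RFC 1994 CHAP response: MD5(identifier || secret || challenge).
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge).digest()

def verify_chap(record, identifier, challenge, response):
    # The server must compute the same response itself, which needs the secret.
    secret = record.get("cleartext")
    if secret is None:
        raise LookupError("one-way store: no secret available to compute the expected response")
    return hmac.compare_digest(chap_response(identifier, secret, challenge), response)

def demo():
    password = "correct horse battery"  # constructed sample password
    record = enroll(password)
    pap_ok = verify_pap(record, password)
    pap_bad = verify_pap(record, "wrong guess")
    challenge = os.urandom(16)
    response = chap_response(7, password, challenge)  # what a client would send
    try:
        verify_chap(record, 7, challenge, response)
        chap_possible = True
    except LookupError:
        chap_possible = False
    return pap_ok, pap_bad, chap_possible

if __name__ == "__main__":
    print(demo())
```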


