You seem to be mixing terms. 802.1x is a method of providing authentication to 802 networks (802.3, 802.4, 802.11, 802.16, ...). With 802.11, you can distribute keying material to the supplicant (in 802.11, the STA) potentially on a per-session, per-client basis, and, if your AP is 'good enough', you can rekey the sessions often enough to make the known WEP cracks ineffective.

AES is (just) an encryption algorithm. AES isn't going to be much fun without key distribution. IPSec isn't much fun without IKE, for nearly identical reasons.

I can only see a couple of advantages to a combination of L2TP and IPSec. You can use IPSec to secure the control channel (using machine certificates), used to negotiate and set up the L2TP connection. L2TP (and PPTP) have notoriously bad security during the key exchanges. After the session is authenticated and set up, you probably want all traffic tunneled/encrypted using L2TP, not IPSec. The advantage of L2TP over IPSec for things VPN is that L2TP can support multiple protocols, doesn't have NAT problems, etc.

If you're not talking about this, but straight L2TP over IPSec, the only advantage I see is L2TP's multi-protocol support, and by tunneling L2TP in IPSec, you would eliminate the security issues with L2TP.

On Saturday, September 28, 2002, at 02:47 AM, evilbunny wrote:

> Hello all,
>
> Hmm the more I read about 802.1x the less appealing it seems to be,
> it seems it's an interim solution for wireless until they build math
> co-processors into AP's to handle AES encryption.
>
> Currently the best practice for secured connections I can see so far
> is L2TP over IPSec...
>
> However for authentication L2TP should suffice...
>
> suggestions?
> comments?
>
> --
> Best regards,
> evilbunny mailto:[EMAIL PROTECTED]
>
> http://www.cacert.org - Free Security Certificates
> http://www.sydneywireless.com - Telecommunications Freedom

--
NYCwireless - http://www.nycwireless.net/
Un/Subscribe: http://lists.nycwireless.net/mailman/listinfo/nycwireless/
Archives: http://lists.nycwireless.net/pipermail/nycwireless/
