Hello Alan, no you don't, 802.1x is fully able to take advantage of passwords and or x.509 certificates (which card ID's use as well...) depending which variant you're using at the time...
-- Best regards, evilbunny mailto:[EMAIL PROTECTED] Welcome to the Church of the Holy Cabbage. Lettuce pray http://www.cacert.org - Free Security Certificates http://www.nodedb.com - Think globally, network locally http://www.sydneywireless.com - Telecommunications Freedom Tuesday, December 17, 2002, 12:58:36 PM, you wrote: AL> Excellent post! BTW, you'll still need smart card ID AL> deployment. Alan AL> --- Jacques Caron <[EMAIL PROTECTED]> wrote: >> Hi, >> >> 802.1x is pure software, and unless the hardware in >> the box is very very very very dumb, or there are >> flash space issues, any AP should be upgradable to >> support 802.1x. It's just a matter of adding a few >> state machines, a RADIUS client, making sure per- >> station keys are supported, a tiny bit of crypto >> (for RADIUS and the EAPOL-Key packets), and the >> associated configuration variables (RADIUS server, >> secret, etc.). >> >> That's actually the whole reasoning behind the new >> WPA thing: it should bring more security without >> needing new hardware, as opposed to "better" >> security enhancements like AES that require quite a >> bit more horsepower. >> >> Now, of course, that doesn't necessarily mean that >> all vendors will provide new firmware to support >> 802.1x or WPA... They'll probably try to sell new >> hardware, especially for the lower cost ones. >> >> Jacques. AL> -- AL> NYCwireless - http://www.nycwireless.net/ AL> Un/Subscribe: http://lists.nycwireless.net/mailman/listinfo/nycwireless/ AL> Archives: http://lists.nycwireless.net/pipermail/nycwireless/
smime.p7s
Description: S/MIME Cryptographic Signature
