On Mar 17, 2016, at 7:49 AM, Stefan Winter <[email protected]> wrote:
> In a nutshell: end users get EAP configuration wrong because it's too
> complex, and as a result they are vulnerable to many badnesses out there
> in the Wi-Fi world. A common config format would settle all the complex
> pieces automatically for them, and make the internet a safer place for them.

I'll have a short presentation at the end of RADEXT which addresses this problem directly. And shows how easy it is for bad actors to confuse naive users. I'll post a link to the presentation here when it's ready.

In short, there is no practical way to onboard users securely via the method of "connect to an SSID, and click through the prompts". The configuration MUST be provided to the user signed, and/or via an out of band method.

Alan DeKok.

_______________________________________________
OPSEC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsec
