By the way, github is maintaining a master list of vendor responses over at: https://github.com/kristate/krackinfo -Sam
On Tue, Oct 17, 2017 at 6:49 AM, Osborne, Bruce W (Network Operations) < [email protected]> wrote: > No, the solution is EAP-TLS with individual device certificates. > > > > > > > > *Bruce Osborne* > > *Senior Network Engineer* > > *Network Operations - Wireless* > > *(434) 592-4229 <(434)%20592-4229>* > > *LIBERTY UNIVERSITY* > > *Training Champions for Christ since 1971* > > > > *From:* Tim Tyler [mailto:[email protected]] > *Sent:* Monday, October 16, 2017 9:57 AM > *Subject:* Re: Big flaw in WPA2 > > > > This brings up an issue where I have philosophically wondered if mac > address authentication isn’t better than 802.11x (wpa2). The reason isn’t > because it guards the network better. But if one does get hacked at the > point of accessing the network, the consequences are way less. One isn’t > giving a way the keys to their other accounts. I know some institutions > do use mac address authentication as their primary access method. It is > difficult for institutions that can’t afford pricey on-boarding solutions > to manage certificate lock downs. Hence, man in the middle attacks become > prevalent as well. > > We already use mac address authentication for devices that won’t support > 802.1x. I keep wondering now if I shouldn’t make that our primary solution > someday. I am curious as to what others think. > > > > Tim > > > > *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto: > [email protected]] *On Behalf Of *Turner, Ryan H > *Sent:* Monday, October 16, 2017 6:51 AM > *To:* [email protected] > *Subject:* [WIRELESS-LAN] Big flaw in WPA2 > > > > > https://arstechnica.com/information-technology/2017/ > 10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic- > open-to-eavesdropping/ > > > Ryan Turner > > Manager of Network Operations, ITS > > The University of North Carolina at Chapel Hill > > +1 919 274 7926 <(919)%20274-7926> Mobile > > +1 919 445 0113 <(919)%20445-0113> Office > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at http://www.educause.edu/ > discuss. > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at http://www.educause.edu/ > discuss. > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at http://www.educause.edu/ > discuss. > > ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
