You're not missing anything, but you probably should read the 802.1x spec, or take a look at the 802.11i/RSN efforts, etc.
Musenki APs had an on-board smart-card in order to provision the AP-resident certs, (and other provisioning info), btw. Allows the unit-specific information to be coded away from the unit, and to survive a field-service call (replacement) without a highly-trained field tech. Jim On Tuesday, October 8, 2002, at 11:29 AM, David Rhodes wrote: > ..another thought related to recent EAP/LEAP threads - Does anyone > know if > any of the related 1x mechanisms will provide AP authentication to the > client? It seems like all the effort has gone into authenticating the > client, not the access point. I realize that most 802.11 equip. was > built > for corporate and home environments where the network provider is > trusted, > but this is not true in the public space. > I haven't used the 1x solutions to any serious degree yet but it > appears > the AP only passes the supplicant info to the RADIUS server. I know the > RADIUS server essentially auth's the AP via the optional SSL/shared key > connection but that doesn't provide the user any first hand > information. > Seems like we need some way to put public certs on the AP's similar to > what > is done with webservers. With all these stories of pimping starbucks > wifi > customers from the street, etc..not to mention AP storms... or am I > missing > something? > > thanks, > david > > -- > general wireless list, a bawug thing <http://www.bawug.org/> > [un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless > -- general wireless list, a bawug thing <http://www.bawug.org/> [un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless
