On Tue, 11 Mar 2003, Jim Thompson wrote: > your tunnel won't protect you from a MIM attack that starts by de-authing your > client.
sure if you if you're talking about mtm attacks on tunneled authentication protocols. mtm attacks against ssh clients where you already have all the hosts dsa keys is quite another matter. you're going to be able to detect it. > 802.11i with secured management frames is the way to fix this. I'd vastly prefer transport independant end-to-end encryption in almost every circumstance. > if you want to run VPN on top of that, the choice is yours. Encryption isn't free. > At a minimum, it costs in latency. well sure, but when your laptop is a 1.7ghz p4 it can do about 6MB/s worth of 128bit idea, which isn't to shabby... people in the ipsec business have $10 fpgas doing it at 1.2Gb/s > Jim > -- > general wireless list, a bawug thing <http://www.bawug.org/> > [un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless > -- -------------------------------------------------------------------------- Joel Jaeggli Academic User Services [EMAIL PROTECTED] -- PGP Key Fingerprint: 1DE9 8FCA 51FB 4195 B42A 9C32 A30D 121E -- In Dr. Johnson's famous dictionary patriotism is defined as the last resort of the scoundrel. With all due respect to an enlightened but inferior lexicographer I beg to submit that it is the first. -- Ambrose Bierce, "The Devil's Dictionary" -- general wireless list, a bawug thing <http://www.bawug.org/> [un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless
