Re: WPA and CCMP

From: Dan Williams <dcbw redhat com>
To: James Ettle <jhe phys soton ac uk>
Cc: networkmanager-list gnome org
Subject: Re: WPA and CCMP
Date: Mon, 09 Jan 2006 20:01:11 -0500

On Tue, 2006-01-10 at 00:08 +0000, James Ettle wrote:
> I've been playing around with CCMP (AES). I've found that if I first
> associate with TKIP, and
> then /system/networking/wireless/networks/<ssid>/we_cipher to 8 in
> gconf, NetworkManager then tells wpa_supplicant to use CCMP. It then
> goes on to authenticate and pick up an IP address. Although
> NetworkManager identifies the AP as CCMP capable, it doesn't seem to
> forward this to nm-applet.

Right, it doesn't support WPA2 (also known as WPA Enterprise) quite yet.
CCMP is the defined encryption protocol for WPA2.  There wouldn't be
that much work needed to make WPA2 work correctly, but I was
intentionally keeping the scope of the WPA stuff as small as possible
for the moment.  Meaning, just WPA + TKIP.  Hopefully WPA2 will be along
soon.

> [I also have to hack the timeout 120s, as for some reason my setup seems
> very slow at associating... don't know whether that's ipw2200,
> wpa_supplicant or the USR, though.]

Odd, though I'd expect a WPA2 association to take longer on some levels,
given that there are so many more steps.  When 802.1x and RADIUS get in
the picture, the authentication is actually 2 hops away from the client,
which means more time.  So we may need to have different timeouts for
different AP setups.  But we can detect that.

Thanks for the report,

Dan

References:
- WPA and CCMP
  - From: James Ettle

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]