Re: Dynamic WEP support.

[Dan Williams <dcbw redhat com>]

On Wed, 2006-03-22 at 15:14 -0500, Robert Love wrote:
> On Wed, 2006-03-22 at 21:14 +0100, Jan Mynarik wrote:
> 
> > > Another question is, if NM detects your Dynamic WEP-based AP, does it
> > > think it is doing WPA Enterprise?  It should.
> > 
> > No, when I select this network from nm-applet's list, n-m tries to
> > connect and then opens dialog asking for WEP (passphrase|40-bit|104-bit
> > key).
> 
> Hrm.  That is a problem.  Kind of sucks if there is no way for the AP to
> advertise that it does half-WPA/half-WEP.  I presumed it would advertise
> the WPA-EAP stuff, but then non-WPA cards might not grok that.
> 
> Anyhow ... you can test it by doing "Connect to Other ..." and selecting
> "WPA Enterprise" with a key type of "Dynamic WEP" and filing out the
> other fields selectively, as needed.

I've started to think that we may need to separate the encryption from
the auth a bit more.  When I did the initial architecture stuff over
Christmas it wasn't clear what split between auth+enc should be.  But
since people seem to do really, really wacky stuff like TKIP + LEAP (why
God, why) I think we need to make that split more apparent...

The other driver for mashing them together somewhat was simplicity.  We
need to make sure the consumer use-cases (ie, plain WEP, unencrypted,
and WPA-PSK with no auth) are completely _nailed_ and easy to use.
Other cases, like 802.1x/TTLS/EAP/etc are more complicated and have more
options.  Those need to be exposed, but the balance of ease of use
should be tilted a bit more in favor of the simple cases.

So, I think we need to rethink the UI for wireless security here, and,
as much as I hate to say it, possibly the dbus protocol and libnm-util.
Piling more and more auth options into the matrix can't keep going on
forever without a cleanup of how they are presented.

Dan