
Re: [News] [OSS] Open Source Slant Used to Bring Advantages to Projects

Roy Schestowitz wrote:

> OpenSEA Adds Open Source Spice to 802.1x
> 
> ,----[ Quote ]
> | A new consortium called OpenSEA (Open Secure Edge Access) is hoping
> | to make 802.1x more pervasive by developing an enterprise-class open
> | source 802.1x supplicant.
> `----
> 
> http://www.internetnews.com/ent-news/article.php/3677296
> 

That sounds like a bit of a tricky job. 802.1x is basically point to point,
I don't think there is any provision for it extending from that. Its model
was based on the ACL model, but in hardware rather than software. So is
an allow-deny model as you would see in ACL. We all make use of IP
authentication on our networks at home or work, initiated at switch on.
This is effectively the same for wifi authenticating hardware.

That ACL then point to point setup makes it ideal for wifi, otherwise you
would have to re-authenticate on every communication, simply because it
would otherwise be too easy a target for packet stealing or injection. Some
of you might remember when a machine that has been idle a long time, or has
gone to sleep, would take longer than normal to reconnect to the network,
that was because it had to go through the full re-authentication, that
isn't so bad as it was, but actually still happens, only on a modern
network it is much quicker. 

But whether 802.1x is the right format to take further as a multi-point
network, possibly taking some machines away from the primary domain to
their alternative domain, hmmmmm? I don't know for sure but if that was my
million pound question on Who Wants to Be a Millionaire I would have
guessed 'no'.


It has to be done of course, for a large office you can't have banks of
access stations scattered around just so that you have enough access
points. At home as more devices are likely to go wifi people will need more
access points or their access point must be capable of many more
connections. 

With each client point being authenticated then the units have to have some
finite limit on the numbers that they can cope with. Isn't a home system
usually limited to about five consecutive wifi connections? This is really
because there is some processing involved, not only packets themselves but
also encryption, and you don't want to have to provide a powerful CPU on a
router such that it needs extra cooling.

I remember, I think it was Cisco, talking of a master that received from the
access points and was meant to perform all of the packet work on a single
more powerful router. But that idea still presents a potential bottleneck
as well as potentially an extra box in the home situation.

I'm sure these chaps have an idea of a direction, all I am really saying is
that 802.1x as it stands doesn't look to me like it is best suited to this
particular job.

