On Monday 23 May 2011 18:08:15 Genes MailLists wrote: > On 05/23/2011 12:18 PM, Tim Smith wrote: > > When it talks about SSID IEs, however, it isn't mentioning Probe Response > > or Beacon explicity, but uses the weasel phrase "or that do not > > advertise an authorised SSID" without specifying *HOW* that SSID is to > > be advertised :-) Also note the "an authorised SSID" in the sense of "at > > least one". > > > > I can "advertise an authorised SSID" in selected Probe Responses only > > when the Probe Request contained that SSID and satisfy that > > requirement[1]. > > I bow to your obvious expertise in this .. but it sure seems like it > violates the intent of the spec ... nitpicking the doc aside :-) > > And I'll stick with my suggestion for people to stop recommending > hiding SSID as a security measure - it still sounds like bad advice to > me - unless an expert (Tim?) tells me otherwise .. :-) Oh you're absolutely correct on that. It has zero effect on security, and anything which makes you think you have security when you don't really is a bad idea. Also there *is* quite a bit of kit out there which will not cope with it, but it doesn't violate the spec and there is a *lot* of enterprise kit out there which does this trick as a matter of course; when a big office wants to provide separate "guest" and "corporate" WiFi access they don't go installing two sets of APs all over... In fact, if you see the "WiFi certified" logo on a piece of kit it is supposed to deal with "hidden" SSID properly[1], though it's a full end-user device stack that gets tested, not a particular network card, so once you're using it with Linux/wpa_supplicant/iw tools you're on your ownsome there as it will have been the Windows drivers wot got the certification. In fact, I suspect a default install of wpa_supplicant would *not* pass the test suite. Not that that's a bad thing particularly as wpa_supplicant gives you something you don't often get as an end-user: a manual page to use to tweak the settings. [1] I think that check has been in the test suite for long enough now that this is a safe statement. -- Tim Smith <tim@xxxxxxxxxxxxxxxxxxx> Spin-Sealed Tibanna Gas is an aphrodisiac. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines