Folks,
We are experimenting with dynamic keying via 802.1X on the IETF wireless network. You are invited to try this service if you wish. However, this isn't production so please do not ask for assistance from the terminal room help desk staff. Help is available from the following (depending on schedule):
Chris Hessing, Chris.Hessing@xxxxxxxx Chris Elliott, chelliot@xxxxxxxxx
Regards, Karen
Anonymous 802.1X at IETF 60 =========================== Chris Hessing, University of Utah/Open1x Project
On the IETF 60 wireless network we are providing a separate SSID and VLAN that does anonymous 802.1X authentication with support for dynamic WEP. The advantage of using this is your wireless connection will be encrypted using per-user, per-session keys. In addition, if you choose to check the certificate provided by the network infrastructure during the authentication phase, you will also receive some assurance that you are connecting to the IETF 60 network and not some other network.
If you would like to make use of the 802.1X wireless network, you will need to use the non-broadcast ESSID of “ietf60-1x”.
You will also need an 802.1X supplicant that has support for TTLS-PAP. Windows XP/2000 users can download a plug-in to the native 802.1X client at http://www.secureW2.com. Mac OS X users that are running OS 10.3+ already have support included in the OS. Directions are provided below. Linux users can download Xsupplicant from http://www.open1x.org.
Your supplicant will receive a server certificate that is a test certificate. You can choose to configure your supplicant to accept this certificate the first time it is provided and check it thereafter, allowing your supplicant to verify that you are connecting to the IETF network infrastructure, or you can choose to not validate the server certificate.
The username and password that you use doesn't matter, as long as you fill something in for both. If you have an option to fill in a domain please leave it blank.
Note that the encryption type supported at this time is dynamic WEP. We are not currenly supporting WPA/TKIP.
We are currently working on supporting other EAP authentication types, including PEAP-GTC.
MAC Users ========= 1. Open Internet Connect 2. Under File "New 802.1X connect" a. edit config name - whatever you want username - whatever you want password - whatever you want wireless network - ietf60-1x authentication - only select TTLS configure TTLS TTLS Inner Authentication - PAP no outer id connect 3. Self signed cert - accept.
_______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf