[OpenWireless Tech] Unauthenticated EAP-TLS

Christian Huitema huitema at huitema.net
Sat Jan 5 20:16:04 PST 2013


I think we could gain a lot by studying EDUROAM, the system by which
academics share their network connections. As far as I can tell, it is the
largest "grassroots" Wi-Fi sharing network in production today.


EDUROAM uses 802.1x authentication over 802.11, and uses backend
interconnections between the universities' authentication servers to ensure
that a researcher visiting a campus can connect to the local network using
their "home" credentials. This means users have an identity for the network,
which definitely mitigates the "swat team in the morning" issue. The
presence of the interconnection also means that the visitor gets some
assurance of connecting to a legitimate network, not an "evil twin."

Of course, EDUROAM solves a slightly different problem than open wireless.
University campuses have staffs of network operators, maintain servers, etc.
But I wonder whether we could devise something similar using only software
in the "open wireless" access points, and maybe a lightweight backend
service that would check registration of the access points in the open
wireless system.

-- Christian Huitema



