802.1x Wireless Deployment

Ed Gibson egibson at uwo.ca
Wed Apr 9 20:49:56 GMT 2003


We are looking at deploying 802.1x as a potential solution to the
insecurities associated with WEP (i.e. implementation of dynamic key
exchange).

This of course has delved us into an analysis of TLS vs TTLS vs PEAP.
Our conclusion is that TTLS makes the most sense for us for the
following reasons:

TLS implies client certificate distribution and we would prefer to avoid
that can of worms.

PEAP seems to have an affiliation with MD4 hashing; since our LDAP
implementation only supports MD5 hashes, we were somewhat leery about
getting into multiple copies of password hashes.

Which leaves TTLS as the least of all evils.  Deciding to focus on
EAP/TTLS has now put us into the quandary of determining what client to
deploy. We have been able to identify three clients out there,
MeetingHouse, Funk Software's Odyssey client, or SecureW2 which has been
just recently offered for free.

My question is: has anyone out there made similar conclusions? Or is
there any feedback available on our conclusions? And has anyone
completed any evaluation on these three client applications?

Not asking for too much, am I? :-)  Just figured we couldn't be the only
ones playing around with this model and felt additional feedback would
be enlightening.

Ed Gibson
University of Western Ontario
Network Operations


