Joined: July 2007
||Posted: Sep. 05 2007,13:07
|Quote (andrewb @ Sep. 02 2007,19:27)|
|Unless you definitely know your AP is using TKIP I'd change that to CCMP. I have a Netgear AP & it doesn't make it obvious in the documentation, but when you switch from WEP to WPA it changed from TKIP to CCMP (& there's no way of manually altering this setting on the AP.|
Been off on other assignments. Getting back to this...
Hey, I configured the AP. It is mine. I helped write 802.11i; I was in the middle of the cipher-suite debate. And I can see from my Centos based notebook that TKIP is being negotiated.....
Some APs are REALLY dumb. The people doing the UI coding just don't seem to get it. But in part, it is a language thing. It is amazing for all we do in the standards to explain what MUST and SHOULD means, that this does not translate to working UIs.
And I cringe when a vendor tells me that, yes the eky MIBs are write only, per the PIC. Nothing in their UI software can read the content of the key MIBs. So they keep a copy of the keys elsewhere and that is what the UI is showing on the screen, because of course the user wants to know what the key is currently.... ARGH!
But on the gripping hand, this security stuff we make is COMPLEX. As Steve Kent (check out the editor/author of the IPsec RFCs amongst other things) said: "Bob, this IS Rocket Science." And users just don't want to be bothered to decide which security they want. Then there was JI with his Security Pixie Dust that he would sprinkle around the IPsec meeting when the debates tanked.
Well back to it.