I would like to share some facts about wifi and wifi security vis-a-vis wifi phones.
First off, it takes REAL time to negotiate the 4-way-handshake. Not even thinking about the 802.1X authentication. Thus a person walking at a normal rate, going through a door will find themselves disconnected from the AP on the one side of the door and trying to connect to the AP on the other side. This can result in a lose of connectivity exceeding the ITU's 50ms max outage time (cellular systems have aways targeted 35ms). This is part of the reason why I added PSKSA caching to the standard (yeah, the whole SA nomenclature was my doing, lifting it from my IPsec work). The problem is moving the PSKSA cache around the APs. 802.11F was rejected by the vendors as a solution (and I did the security on that). Thus was born thin APs with the security SAs held back in the switch and work on the 802.11r addendum (and is that ever a kitchen sink). So if you want more than WEP, you NEED one of the thin AP solutions for mobile devices like phones. Also you need some good processing power and code space (boy did the Spectralink engineer scream). So, yeah, real wireless security is a real problem on handhelds. Of course, in the end we will need 802.11s for real moblity in a large area. Oh, and security with DECT is a REAL question. There is too much handwaving and smoke (ie we can't tell you). So I would not be supprised that if you are thinking DECT, don't worry about WEP over WPA. Push for DTLS for security in mobile devices. Of course that needs Diffie-Hellman and they scream about that. Though the ECC variant is already used for GSM, so there is hope. And don't even mention RSA operations. But again we do see some of the ECC alogrithms in GSM devices; most of the manufactures in the GSM field are willing to pay the patent royalties demanded. _______________________________________________ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
