Bug#760712: WEP vs WPA2

To: Stefan Lippers-Hollmann <s.L-H@gmx.de>
Cc: debian-kernel@lists.debian.org, Cyril Brulebois <kibi@debian.org>, 760712@bugs.debian.org, Chris Tillman <toff.tillman@gmail.com>
Subject: Bug#760712: WEP vs WPA2
From: Ben Hutchings <ben@decadent.org.uk>
Date: Mon, 15 Sep 2014 22:47:01 +0100
Message-id: <[🔎] 1410817621.3040.75.camel@decadent.org.uk>
Reply-to: Ben Hutchings <ben@decadent.org.uk>, 760712@bugs.debian.org
In-reply-to: <[🔎] 201409152308.52945.s.L-H@gmx.de>
References: <[🔎] CAO299FvP970APp22geGX4EV9QW9g8ThWf3MDFZ6DRrFYY6n9yA@mail.gmail.com> <[🔎] 201409152144.35044.s.L-H@gmx.de> <[🔎] 20140915200635.GJ2754@mraw.org> <[🔎] 201409152308.52945.s.L-H@gmx.de>

On Mon, 2014-09-15 at 23:08 +0200, Stefan Lippers-Hollmann wrote:
> Hi
> 
> On Monday 15 September 2014, Cyril Brulebois wrote:
> > Stefan Lippers-Hollmann <s.L-H@gmx.de> (2014-09-15):
> [...]
> 
> Seeing that the actual problem are missing kernel modules for 
> CCMP (AES), and probably TKIP as well, I'll concentrate on your
> new questions only
> 
> > Based on your answer, I'm wondering whether there might be some CONFIG_*
> > differences between wpasupplicant and its udeb, which might explain?
> 
> There are significant CONFIG_* differences between the regular 
> wpasupplicant and wpasupplicant-udeb, both to get it smaller and to
> avoid dependencies on packages not providing udebs, but the udeb
> should support:
> 
> - no encryption
> - WEP64
> - WEP128
> - WPAPSK v1 TKIP/ CCMP
> - WPAPSK2 TKIP/ CCMP
> 
> More advanced setups, like IEEE8021X (using certificates and per-user 
> encryption, e.g. eduroam and other commercial setups), smartcards and
> are not supported by the udeb (nor would netcfg know how to configure
> these).

WPS would also be nice to have.

[...]
> This reminds me, without regulatory domain support (iw(semi-optional), 
> crda, wireless-regdb) only the channels allowed for world-roaming
> (slightly depending on what the individual wlan drivers and firmwares
> understand under world-roaming) would be available, which means channel
> 1-11 (no access to 12/13) and very little, if anything, in the 5 GHz 
> band.

I started to worry about this too.

The built-in world regulatory domain allows *passive* use of channels
12-13 and other channels that are not permitted in all countries.  That
is, the kernel will allow passively scanning on those channels and
connecting to an AP, on the assumption that the AP is following the
local rules.

But I'm prepared to believe that this doesn't work when using wext, or
requires wext configuration to be done in a different order than netcfg
and wpa_supplicant currently use.

Ben.

-- 
Ben Hutchings
Make three consecutive correct guesses and you will be considered an expert.

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

Follow-Ups:
- Bug#760712: WEP vs WPA2
  - From: "Stefan Lippers-Hollmann" <s.L-H@gmx.de>

References:
- Bug#760712: WEP vs WPA2
  - From: Chris Tillman <toff.tillman@gmail.com>
- Bug#760712: WEP vs WPA2
  - From: "Stefan Lippers-Hollmann" <s.L-H@gmx.de>
- Bug#760712: WEP vs WPA2
  - From: Cyril Brulebois <kibi@debian.org>
- Bug#760712: WEP vs WPA2
  - From: "Stefan Lippers-Hollmann" <s.L-H@gmx.de>

Prev by Date: Bug#760712: WEP vs WPA2
Next by Date: Bug#760904: installation-reports: no network on linkstation pro with jessie d-i
Previous by thread: Bug#760712: WEP vs WPA2
Next by thread: Bug#760712: WEP vs WPA2
Index(es):
- Date
- Thread