Linked by Thom Holwerda on Wed 30th Apr 2008 22:24 UTC
OpenBSD Theo de Raadt has lifted the veil off OpenBSD 4.3. "We are pleased to announce the official release of OpenBSD 4.3. This is our 23nd release on CD-ROM (and 24rd via FTP). We remain proud of OpenBSD's record of more than ten years with only two remote holes in the default install." Boasting as always, but when it's justified, arrogance is a virtue.
Thread beginning with comment 312517
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[2]: WPA
by Sunnz on Thu 1st May 2008 23:53 UTC in reply to "RE: WPA"
Sunnz
Member since:
2008-04-09

VPN with some sort of strong software encryption such as Blowfish, AES, is preferred in the OpenBSD circles to secure any kinds of network connections, including WiFi... which usually secures the IP packets at layer 3... which means, you can effectively transmit data securely over an unsecure WiFi data link (layer 2)... therefore, it was not a priority for OpenBSD dev to secure layer 2 such as WPA.

Last time Theo written about WPA in misc was that WPA has become an accessibility problem rather than security. People use OpenBSD on their laptop would like to be able to access a WPA AP at a coffee shop.

Reply Parent Score: 2

RE[3]: WPA
by 0brad0 on Fri 2nd May 2008 04:22 in reply to "RE[2]: WPA"
0brad0 Member since:
2007-05-05

VPN with some sort of strong software encryption such as Blowfish, AES, is preferred in the OpenBSD circles to secure any kinds of network connections, including WiFi... which usually secures the IP packets at layer 3... which means, you can effectively transmit data securely over an unsecure WiFi data link (layer 2)... therefore, it was not a priority for OpenBSD dev to secure layer 2 such as WPA.


It was not a priority because the people working on the net80211 layer were not using Wifi in the real world so they didn't care. This has since changed. Recommending the use of IPsec was only a workaround for your own network and it is not realistic to recommend the use of IPsec for everyone trying to connect to your AP anyway.

Last time Theo written about WPA in misc was that WPA has become an accessibility problem rather than security. People use OpenBSD on their laptop would like to be able to access a WPA AP at a coffee shop.


I cannot find any such comment from Theo and if he did it would have been about WPA and not WPA2. Anyway, this goes way beyond just coffee shops. WPA is in use everywhere.

Reply Parent Score: 1

RE[4]: WPA
by Sunnz on Sat 3rd May 2008 11:17 in reply to "RE[3]: WPA"
Sunnz Member since:
2008-04-09

Recommending the use of IPsec was only a workaround for your own network and it is not realistic to recommend the use of IPsec for everyone trying to connect to your AP anyway.


Huh? I don't see why not. I personally use OpenVPN on my AP and I had guest coming in with Win/Mac/Lin/BSD laptops and it all works fine.

"Last time Theo written about WPA in misc was that WPA has become an accessibility problem rather than security. People use OpenBSD on their laptop would like to be able to access a WPA AP at a coffee shop.


I cannot find any such comment from Theo and if he did it would have been about WPA and not WPA2. Anyway, this goes way beyond just coffee shops. WPA is in use everywhere.
"

Well that just proves the point, people want WPA support so that they can connect to WPA Access Points.

Edited 2008-05-03 11:19 UTC

Reply Parent Score: 1