Linked by Thom Holwerda on Wed 30th Apr 2008 22:24 UTC
OpenBSD Theo de Raadt has lifted the veil off OpenBSD 4.3. "We are pleased to announce the official release of OpenBSD 4.3. This is our 23nd release on CD-ROM (and 24rd via FTP). We remain proud of OpenBSD's record of more than ten years with only two remote holes in the default install." Boasting as always, but when it's justified, arrogance is a virtue.
Thread beginning with comment 312545
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[3]: WPA
by 0brad0 on Fri 2nd May 2008 04:22 UTC in reply to "RE[2]: WPA"
0brad0
Member since:
2007-05-05

VPN with some sort of strong software encryption such as Blowfish, AES, is preferred in the OpenBSD circles to secure any kinds of network connections, including WiFi... which usually secures the IP packets at layer 3... which means, you can effectively transmit data securely over an unsecure WiFi data link (layer 2)... therefore, it was not a priority for OpenBSD dev to secure layer 2 such as WPA.


It was not a priority because the people working on the net80211 layer were not using Wifi in the real world so they didn't care. This has since changed. Recommending the use of IPsec was only a workaround for your own network and it is not realistic to recommend the use of IPsec for everyone trying to connect to your AP anyway.

Last time Theo written about WPA in misc was that WPA has become an accessibility problem rather than security. People use OpenBSD on their laptop would like to be able to access a WPA AP at a coffee shop.


I cannot find any such comment from Theo and if he did it would have been about WPA and not WPA2. Anyway, this goes way beyond just coffee shops. WPA is in use everywhere.

Reply Parent Score: 1

RE[4]: WPA
by Sunnz on Sat 3rd May 2008 11:17 in reply to "RE[3]: WPA"
Sunnz Member since:
2008-04-09

Recommending the use of IPsec was only a workaround for your own network and it is not realistic to recommend the use of IPsec for everyone trying to connect to your AP anyway.


Huh? I don't see why not. I personally use OpenVPN on my AP and I had guest coming in with Win/Mac/Lin/BSD laptops and it all works fine.

"Last time Theo written about WPA in misc was that WPA has become an accessibility problem rather than security. People use OpenBSD on their laptop would like to be able to access a WPA AP at a coffee shop.


I cannot find any such comment from Theo and if he did it would have been about WPA and not WPA2. Anyway, this goes way beyond just coffee shops. WPA is in use everywhere.
"

Well that just proves the point, people want WPA support so that they can connect to WPA Access Points.

Edited 2008-05-03 11:19 UTC

Reply Parent Score: 1

RE[5]: WPA
by 0brad0 on Sat 3rd May 2008 23:06 in reply to "RE[4]: WPA"
0brad0 Member since:
2007-05-05

Huh? I don't see why not. I personally use OpenVPN on my AP and I had guest coming in with Win/Mac/Lin/BSD laptops and it all works fine.


IPsec != OpenVPN. I don't want to setup VPNs of any kind to workaround the real problem. Now that it has been resolved everyone is happy.

Well that just proves the point, people want WPA support so that they can connect to WPA Access Points.


And what is your point? You're not stating anything that is new.

No one has denied that there was not a purpose to WPA support, but developers that write the appropriate code and developers which have the time to do so do not appear out of thin air.

Reply Parent Score: 1