On Monday 15 September 2014, Ben Hutchings wrote: > On Mon, 2014-09-15 at 23:08 +0200, Stefan Lippers-Hollmann wrote: > > On Monday 15 September 2014, Cyril Brulebois wrote: > > > Stefan Lippers-Hollmann <s....@gmx.de> (2014-09-15): [...] > > [...] but the udeb > > should support: > > > > - no encryption > > - WEP64 > > - WEP128 > > - WPAPSK v1 TKIP/ CCMP > > - WPAPSK2 TKIP/ CCMP > > > > More advanced setups, like IEEE8021X (using certificates and per-user > > encryption, e.g. eduroam and other commercial setups), smartcards and > > are not supported by the udeb (nor would netcfg know how to configure > > these). > > WPS would also be nice to have.
Actually plain WPS support[1] (not allowing for external registrar functionality or NFC config methods) should already be supported by wheezy's wpasupplicant packages (1.0-3). However I have not tested WPS support (it was only enabled due to dependency issues of the udeb build config) and I'm pretty sure that netcfg doesn't know how to configure this. WPS using pin numbers or push-button (QSS) support is horribly insecure and should be strongly discouraged, even though it is convenient for the user (unfortunately many commercial access point firmware don't allow to disable this option completely). [...] > The built-in world regulatory domain allows *passive* use of channels > 12-13 and other channels that are not permitted in all countries. That > is, the kernel will allow passively scanning on those channels and > connecting to an AP, on the assumption that the AP is following the > local rules. [...] Of course you're right, passive scanning mitigates this problem to quite some extent. Active scanning (which is faster and would be required for connecting to hidden SSIDs (which are a bad idea, but still common; of course netcfg would have to learn to support this as well) and 802.11d aren't available this way. Regards Stefan Lippers-Hollmann [1] This should cover most consumer routers/ access points
signature.asc
Description: This is a digitally signed message part.