On Monday 15 September 2014, Ben Hutchings wrote: > On Mon, 2014-09-15 at 23:08 +0200, Stefan Lippers-Hollmann wrote: > > On Monday 15 September 2014, Cyril Brulebois wrote: > > > Stefan Lippers-Hollmann <s....@gmx.de> (2014-09-15): [...] > > [...] but the udeb > > should support: > > > > - no encryption > > - WEP64 > > - WEP128 > > - WPAPSK v1 TKIP/ CCMP > > - WPAPSK2 TKIP/ CCMP > > > > More advanced setups, like IEEE8021X (using certificates and per-user > > encryption, e.g. eduroam and other commercial setups), smartcards and > > are not supported by the udeb (nor would netcfg know how to configure > > these). > > WPS would also be nice to have.
Actually plain WPS support[1] (not allowing for external registrar
functionality or NFC config methods) should already be supported by
wheezy's wpasupplicant packages (1.0-3). However I have not tested WPS
support (it was only enabled due to dependency issues of the udeb build
config) and I'm pretty sure that netcfg doesn't know how to configure
this. WPS using pin numbers or push-button (QSS) support is horribly
insecure and should be strongly discouraged, even though it is
convenient for the user (unfortunately many commercial access point
firmware don't allow to disable this option completely).
[...]
> The built-in world regulatory domain allows *passive* use of channels
> 12-13 and other channels that are not permitted in all countries. That
> is, the kernel will allow passively scanning on those channels and
> connecting to an AP, on the assumption that the AP is following the
> local rules.
[...]
Of course you're right, passive scanning mitigates this problem to
quite some extent. Active scanning (which is faster and would be
required for connecting to hidden SSIDs (which are a bad idea, but
still common; of course netcfg would have to learn to support this
as well) and 802.11d aren't available this way.
Regards
Stefan Lippers-Hollmann
[1] This should cover most consumer routers/ access points
signature.asc
Description: This is a digitally signed message part.
