Adventures in Network Security /
Wireless Protocol Adventures
Network World Fusion, 02/25/04
The RSA Conference provides wireless access to full conference attendees. Someone (no doubt either a brave soul or someone with a fine whiskey collection) decided they should use 802.1x authentication on this network. So, I tried to use it. This describes my adventure so far.
Short answer: it doesn't work.
I've got an IBM Thinkpad, with a Cisco/Linksys wireless card, with Windows XP Pro, Service Pack 1, rollups and patches all applied. It doesn't work. I get about 5 seconds of connectivity and then it dies.
Now rather than drag you all through the sordid details of my unpleasant experience, let me tell you what I see as the issues here, because that's relevant to all of us.
* It's not supported.
You have to update your O/S, your drivers, your authentication mechanism, your certificate set, and it only works on a few operating systems, if it works at all. This is not what I would describe as a "supported feature". This is a new technology that is experimental, on a good day.
* It has security implications
It uses certificates, which is fine. I know how to do certs, having been in that space for a while. Having my device driver proudly ask me to pick a random root from the 200 or more roots loaded into my PC by the browser vendor isn't the way to deploy a hierarchy, in my opinion. So we are back to certificate/PKI headaches. Why on earth would I ever want to have the ABA (who deploys a root via Internet Explorer) certify a wireless access point?
* It's got performance issues
During the 15 second intervals when I did see connectivity, my T23 (that's a gigahertz Pentium) slowed to a crawl. It's very impressive to see the mouse pointer respond sluggishly, but it's not user friendly. I suppose this could be crypto issues, but no other crypto software has such issues in this class of machine, so I'm not sure what they're doing under the rug.
* It's got network management issues
There's no logging, dialog boxes, magic secret text message files, or any other trail left by a failure. Because I'm not shy and because I finally started explaining I was going to blog this, I was able to artificially raise the visibility of my problem and prevail upon the kindness of the show staff and one or two personal firewall vendors at the show, in order to get someone to help me troubleshoot this. When you can make the network elf start muttering in Old High Latin whilst typing arcane diagnostic commands into the serial port on their high-end Enterprise-class Wireless AP, only to see the same silly link failures, it's pretty bad. This is not a deployed technology - it's a science fair project.
So what did I do? I cheated. I used the Ethernet drops in the press room, or, I walked across the street (in the rain) to the coffee shop, where the wireless works fine.
This was the most disappointing feature of the RSA conference, and NOT a selling point for wifi or wifi security.
The two galling issues:
- having to do it THEIR way with all the upgrades and config requirements. Last I checked, it's still my data, my computer, my responsibility.
- the inability with 10,000 security experts around to actually have a system that works
Simple solution: provide access to the APs but only allow encrypted protocols (SSH, SSL, IPsec, PPTP etc.) and block all others.
Posted by: Jay on March 1, 2004 06:23 AM
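As an added illustration of the "only allow encrypted protocols" design in the comment above (example code written for this page, not from the original post, its commenter, or any vendor), the following toy packet-filter policy models an open access point whose uplink passes only SSH, SSL/TLS, IPsec and PPTP. The protocol numbers and ports are the standard IANA assignments; the `Packet` type, the `classify` function, the `iptables_rules` helper and the sample flows at the bottom are assumptions constructed for the example. It also shows the two details such a policy has to get right that a port list alone misses: IPsec data travels in ESP (IP protocol 50) and PPTP data in GRE (IP protocol 47), neither of which has a TCP/UDP port, while a port-based rule cannot tell whether the bytes on tcp/443 are actually encrypted.

```python
"""Toy allow-list filter for an 'encrypted protocols only' access point
(added example; protocol/port numbers are IANA values, everything else is
constructed for illustration)."""
from dataclasses import dataclass
from typing import Optional, Tuple, List

# IP protocol numbers (IANA)
PROTO_TCP, PROTO_UDP, PROTO_GRE, PROTO_ESP = 6, 17, 47, 50

# TCP destination ports for the protocols named in the comment
ALLOWED_TCP_PORTS = {
    22: "ssh",
    443: "https (SSL/TLS)",
    1723: "pptp control channel",
}
# UDP ports IPsec needs for key exchange (IKE) and NAT traversal
ALLOWED_UDP_PORTS = {
    500: "isakmp/ike",
    4500: "ipsec nat-t",
}
# Carriers with no port at all: ESP (IPsec data), GRE (PPTP data)
ALLOWED_IP_PROTOS = {
    PROTO_ESP: "ipsec esp",
    PROTO_GRE: "gre (pptp data channel)",
}


@dataclass(frozen=True)
class Packet:
    """Minimal view of a client packet leaving the AP (constructed type)."""
    proto: int                       # IP protocol number
    dst_port: Optional[int] = None   # only meaningful for TCP/UDP


def classify(pkt: Packet) -> Tuple[str, str]:
    """Return ('allow' | 'drop', reason) under the encrypted-only policy.

    Note the limit of this check: it matches ports, not payload, so it
    cannot tell cleartext sent to tcp/443 from real TLS.
    """
    if pkt.proto == PROTO_TCP:
        if pkt.dst_port in ALLOWED_TCP_PORTS:
            return "allow", ALLOWED_TCP_PORTS[pkt.dst_port]
        return "drop", f"tcp/{pkt.dst_port} not on the encrypted-protocol list"
    if pkt.proto == PROTO_UDP:
        if pkt.dst_port in ALLOWED_UDP_PORTS:
            return "allow", ALLOWED_UDP_PORTS[pkt.dst_port]
        return "drop", f"udp/{pkt.dst_port} not on the encrypted-protocol list"
    if pkt.proto in ALLOWED_IP_PROTOS:
        return "allow", ALLOWED_IP_PROTOS[pkt.proto]
    return "drop", f"ip protocol {pkt.proto} not on the encrypted-protocol list"


def iptables_rules() -> List[str]:
    """Render the same policy as iptables FORWARD-chain rules (strings only,
    nothing is executed); default policy is DROP so anything unlisted dies."""
    rules = ["iptables -P FORWARD DROP"]
    rules += [f"iptables -A FORWARD -p tcp --dport {p} -j ACCEPT"
              for p in sorted(ALLOWED_TCP_PORTS)]
    rules += [f"iptables -A FORWARD -p udp --dport {p} -j ACCEPT"
              for p in sorted(ALLOWED_UDP_PORTS)]
    rules += ["iptables -A FORWARD -p esp -j ACCEPT",
              "iptables -A FORWARD -p gre -j ACCEPT"]
    return rules


# Constructed sample flows: what a mixed client session might send.
SAMPLE_FLOWS = [
    Packet(PROTO_TCP, 22),      # ssh -> allowed
    Packet(PROTO_TCP, 443),     # https -> allowed
    Packet(PROTO_TCP, 80),      # plain http -> dropped
    Packet(PROTO_TCP, 110),     # pop3 in the clear -> dropped
    Packet(PROTO_UDP, 500),     # ike -> allowed
    Packet(PROTO_ESP),          # ipsec data -> allowed
    Packet(PROTO_TCP, 1723),    # pptp control -> allowed
    Packet(PROTO_GRE),          # pptp data -> allowed
    Packet(PROTO_UDP, 53),      # dns -> dropped (see usage note)
]


def summarize(flows=SAMPLE_FLOWS) -> dict:
    """Count allowed vs dropped packets for a list of flows."""
    counts = {"allow": 0, "drop": 0}
    for pkt in flows:
        counts[classify(pkt)[0]] += 1
    return counts


if __name__ == "__main__":
    for pkt in SAMPLE_FLOWS:
        verdict, why = classify(pkt)
        print(f"{pkt!r:34} {verdict:5} {why}")
    print(summarize())
    print("\n".join(iptables_rules()))
```

Running the sample flows shows the practical wrinkle in the suggestion: a strict "encrypted only" filter also drops DNS and DHCP, which the client needs before any SSH or TLS session can start, so a real deployment has to carve out those two unencrypted services (ideally only towards the AP's own resolver and DHCP server) and accept that the filter enforces ports, not the presence of encryption.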
