[WLANtalk] Wifi4EU - EU-weites Authentifizierungssystem mittels Handynummern? (Wifi4EU - EU-wide authentication system using mobile numbers?)

[Linus Lüssing]

Hi Nicco and Valent,

Thanks for sharing, very interesting!

On Wed, Apr 04, 2018 at 10:34:24AM -0400, valent at otvorenamreza.org wrote:
[...]
> Regarding Hotspot 2.0 I saw this information (and other information) on
> webminar that EC shared to all national regulation bodies. Our (Croatian)
> regulation body (Hakom) shared this webminar on their web page:
> https://nop.hakom.hr/aktualnosti/wifi4eu-novosti-i-dodatne-informacije/262
> http://nop.hakom.hr/UserDocsImages/Dokumenti/wifi4eu_-_bco_webinar_jan_2018.pdf
> 
> 
> Here is what it says on last page of this webminar presentation:
[...]
> 
> Wi-Fi Access Point requirements:
[...]
> 3. APs to support 802.1x

I am currently wondering what this would imply. Especially: Would
this result in a limitation of who would be allowed to access,
administrate or update the router/firmware?

Afaik in eduroam setups the 802.1x authenticator is run on the
wifi router. Therefore the wifi router needs its own set of
cryptographic keys which it may not share publically and data
will be encrypted between client device and wifi router only.
Please correct me if I'm wrong.

Technically, I think it might be possible to move the 802.1x
authenticator out of a wifi/mesh router to some remote server
and having the encrypted tunnel between client device and this
server. But at least hostapd is not able to do this right now
as far as I know (and I'm wondering whether EAPOL would start
to have issues due to the extra delay).


Sorry for these specific, technical questions at this early point.
But I'm trying to get a picture of how, if at all, running Wifi4EU
and Freifunk on the same mesh node were technically doable.

Regards, Linus