Chuck Yerkes <chuck+nbsd@2004.snew.com> wrote:
> As for LEAP - well, it's both patented and unsupported in the BSDs.

  I haven't heard of a LEAP patent.  Nothing I've read on Cisco's web
sites leads me to believe it's patented.  Since LEAP is basically
MS-CHAPv2, I'm don't see how it could be patented, but the US patent
office can always surprise me.

  I implemented LEAP about a year ago:

	http://www.freeradius.org/radiusd/doc/rfc/leap.txt

  So it looks like it's at least supported in a BSD user-land app,
even if it a GPL'd one.  And LEAP is also supported (I believe) in
xsupplicant, which is an EAP client.  It's mainly a Linux app, so I
don't know how portable it is to a Unix system...

> TKIP is also, unfo, not supported.  Given that WEP is close to
> useless, IPSec is a fine compromise (though a pain for strangers'
> machines).  I treat the wireless net as an unsecure network unless
> there's IPSec.

  Pretty much.  There's also EAP-TTLS, which gives you dynamic WEP
keys based on an SSL/TLS exchange, but I don't know how many clients
there are with support for it.

  Alan DeKok.