[PATCH] Adding <acronym> elements to wlan Handbook section
Murray Stokely
murray at stokely.org
Wed Dec 10 21:10:32 UTC 2008
Is the stylesheet now smart enough to only mark up the first occurrence
differently? I seem to recall these could get distracting if all
instances of an acronym are replaced (either with hyperlinks to
definition, or bold, or however we are currently rendering them).
- Murray
On Wed, Dec 10, 2008 at 12:55 PM, Giorgos Keramidas
<keramida at freebsd.org> wrote:
> The wireless networking section is one of those I've been translating
> lately, and I noticed that it includes *many* acronyms (AP, BSS, SSID,
> IBSS, WPA, WEP, PSK, TKIP, and so on). The acronyms are practically
> everywhere, so adding <acronym> tags to them directly into CVS may not
> be a very gentle thing to do.
>
> So here it is, in diff format for your pleasure. Does anyone have
> objections to the patch attached below?
>
> [NOTE: I haven't wrapped any lines, to keep the patch more readable, but
> I know already that some of the touched lines may need a bit of wrap &
> filling after the patch goes in.]
>
> %%%
> diff -r 749797edbbed en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml
> --- a/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml Wed Dec 10 22:03:19 2008 +0200
> +++ b/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml Wed Dec 10 22:50:29 2008 +0200
> @@ -21,7 +21,7 @@
> </listitem>
>
> <listitem>
> - <para>How to set up IEEE 802.11 and &bluetooth; devices.</para>
> + <para>How to set up <acronym>IEEE</acronym> 802.11 and &bluetooth; devices.</para>
> </listitem>
>
> <listitem>
> @@ -700,7 +700,7 @@
> <sect2>
> <title>Wireless Networking Basics</title>
>
> - <para>Most wireless networks are based on the IEEE 802.11
> + <para>Most wireless networks are based on the <acronym>IEEE</acronym> 802.11
> standards. A basic wireless network consists of multiple
> stations communicating with radios that broadcast in either
> the 2.4GHz or 5GHz band (though this varies according to the
> @@ -710,19 +710,19 @@
> <para>802.11 networks are organized in two ways: in
> <emphasis>infrastructure mode</emphasis> one station acts as a
> master with all the other stations associating to it; the
> - network is known as a BSS and the master station is termed an
> - access point (AP). In a BSS all communication passes through
> - the AP; even when one station wants to communicate with
> - another wireless station messages must go through the AP. In
> + network is known as a <acronym>BSS</acronym> and the master station is termed an
> + access point (<acronym>AP</acronym>). In a <acronym>BSS</acronym> all communication passes through
> + the <acronym>AP</acronym>; even when one station wants to communicate with
> + another wireless station messages must go through the <acronym>AP</acronym>. In
> the second form of network there is no master and stations
> - communicate directly. This form of network is termed an IBSS
> + communicate directly. This form of network is termed an <acronym>IBSS</acronym>
> and is commonly known as an <emphasis>ad-hoc
> network</emphasis>.</para>
>
> <para>802.11 networks were first deployed in the 2.4GHz band
> - using protocols defined by the IEEE 802.11 and 802.11b
> + using protocols defined by the <acronym>IEEE</acronym> 802.11 and 802.11b
> standard. These specifications include the operating
> - frequencies, MAC layer characteristics including framing and
> + frequencies, <acronym>MAC</acronym> layer characteristics including framing and
> transmission rates (communication can be done at various
> rates). Later the 802.11a standard defined operation in the
> 5GHz band, including different signalling mechanisms and
> @@ -734,51 +734,51 @@
> <para>Separate from the underlying transmission techniques
> 802.11 networks have a variety of security mechanisms. The
> original 802.11 specifications defined a simple security
> - protocol called WEP. This protocol uses a fixed pre-shared key
> + protocol called <acronym>WEP</acronym>. This protocol uses a fixed pre-shared key
> and the RC4 cryptographic cipher to encode data transmitted on
> a network. Stations must all agree on the fixed key in order
> to communicate. This scheme was shown to be easily broken and
> is now rarely used except to discourage transient users from
> joining networks. Current security practice is given by the
> - IEEE 802.11i specification that defines new cryptographic
> + <acronym>IEEE</acronym> 802.11i specification that defines new cryptographic
> ciphers and an additional protocol to authenticate stations to
> an access point and exchange keys for doing data
> communication. Further, cryptographic keys are periodically
> refreshed and there are mechanisms for detecting intrusion
> attempts (and for countering intrusion attempts). Another
> security protocol specification commonly used in wireless
> - networks is termed WPA. This was a precursor to 802.11i
> + networks is termed <acronym>WPA</acronym>. This was a precursor to 802.11i
> defined by an industry group as an interim measure while
> - waiting for 802.11i to be ratified. WPA specifies a subset of
> + waiting for 802.11i to be ratified. <acronym>WPA</acronym> specifies a subset of
> the requirements found in 802.11i and is designed for
> - implementation on legacy hardware. Specifically WPA requires
> - only the TKIP cipher that is derived from the original WEP
> - cipher. 802.11i permits use of TKIP but also requires support
> - for a stronger cipher, AES-CCM, for encrypting data. (The AES
> - cipher was not required in WPA because it was deemed too
> + implementation on legacy hardware. Specifically <acronym>WPA</acronym> requires
> + only the <acronym>TKIP</acronym> cipher that is derived from the original <acronym>WEP</acronym>
> + cipher. 802.11i permits use of <acronym>TKIP</acronym> but also requires support
> + for a stronger cipher, <acronym>AES-CCM</acronym>, for encrypting data. (The <acronym>AES</acronym>
> + cipher was not required in <acronym>WPA</acronym> because it was deemed too
> computationally costly to be implemented on legacy
> hardware.)</para>
>
> <para>Other than the above protocol standards the other
> important standard to be aware of is 802.11e. This defines
> protocols for deploying multi-media applications such as
> - streaming video and voice over IP (VoIP) in an 802.11 network.
> + streaming video and voice over IP (<acronym>VoIP</acronym>) in an 802.11 network.
> Like 802.11i, 802.11e also has a precursor specification
> - termed WME (later renamed WMM) that has been defined by an
> + termed <acronym>WME</acronym> (later renamed <acronym>WMM</acronym>) that has been defined by an
> industry group as a subset of 802.11e that can be deployed now
> to enable multi-media applications while waiting for the final
> ratification of 802.11e. The most important thing to know
> - about 802.11e and WME/WMM is that it enables prioritized
> + about 802.11e and <acronym>WME</acronym>/<acronym>WMM</acronym> is that it enables prioritized
> traffic use of a wireless network through Quality of Service
> (QoS) protocols and enhanced media access protocols. Proper
> implementation of these protocols enable high speed bursting
> of data and prioritized traffic flow.</para>
>
> <para>Since the 6.0 version, &os; supports networks that operate
> - using 802.11a, 802.11b, and 802.11g. The WPA and 802.11i
> + using 802.11a, 802.11b, and 802.11g. The <acronym>WPA</acronym> and 802.11i
> security protocols are likewise supported (in conjunction with
> any of 11a, 11b, and 11g) and QoS and traffic prioritization
> - required by the WME/WMM protocols are supported for a limited
> + required by the <acronym>WME</acronym>/<acronym>WMM</acronym> protocols are supported for a limited
> set of wireless devices.</para>
> </sect2>
>
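Review bot: QoS is left untagged in this hunk, on the unchanged lines `(QoS) protocols and enhanced media access protocols` and `any of 11a, 11b, and 11g) and QoS and traffic prioritization`, while VoIP, WME and WMM in the same paragraphs are wrapped. RC4 in the WEP paragraph is skipped as well. Either tag these too or state in the log message which abbreviations are deliberately left alone, so translators can apply the same rule.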
> @@ -901,7 +901,7 @@
> <sect2>
> <title>Infrastructure Mode</title>
>
> - <para>The infrastructure mode or BSS mode is the mode that is
> + <para>The infrastructure mode or <acronym>BSS</acronym> mode is the mode that is
> typically used. In this mode, a number of wireless access
> points are connected to a wired network. Each wireless
> network has its own name, this name is called the SSID of the
> @@ -935,7 +935,7 @@
> <para>The output of a scan request lists each BSS/IBSS
> network found. Beside the name of the network,
> <literal>SSID</literal>, we find the
> - <literal>BSSID</literal> which is the MAC address of the
> + <literal>BSSID</literal> which is the <acronym>MAC</acronym> address of the
> access point. The <literal>CAPS</literal> field
> identifies the type of each network and the capabilities
> of the stations operating there:</para>
> @@ -945,9 +945,9 @@
> <term><literal>E</literal></term>
>
> <listitem>
> - <para>Extended Service Set (ESS). Indicates that the
> + <para>Extended Service Set (<acronym>ESS</acronym>). Indicates that the
> station is part of an infrastructure network (in
> - contrast to an IBSS/ad-hoc network).</para>
> + contrast to an <acronym>IBSS</acronym>/ad-hoc network).</para>
> </listitem>
> </varlistentry>
>
> @@ -955,8 +955,8 @@
> <term><literal>I</literal></term>
>
> <listitem>
> - <para>IBSS/ad-hoc network. Indicates that the station
> - is part of an ad-hoc network (in contrast to an ESS
> + <para><acronym>IBSS</acronym>/ad-hoc network. Indicates that the station
> + is part of an ad-hoc network (in contrast to an <acronym>ESS</acronym>
> network).</para>
> </listitem>
> </varlistentry>
> @@ -966,9 +966,9 @@
>
> <listitem>
> <para>Privacy. Data confidentiality is required for
> - all data frames exchanged within the BSS. This means
> - that this BSS requires the station to use
> - cryptographic means such as WEP, TKIP or AES-CCMP to
> + all data frames exchanged within the <acronym>BSS</acronym>. This means
> + that this <acronym>BSS</acronym> requires the station to use
> + cryptographic means such as <acronym>WEP</acronym>, <acronym>TKIP</acronym> or <acronym>AES-CCMP</acronym> to
> encrypt/decrypt data frames being exchanged with
> others.</para>
> </listitem>
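Review bot: The cipher is tagged as `<acronym>AES-CCMP</acronym>` on the added line here, but as `<acronym>AES-CCM</acronym>` in the Wireless Networking Basics hunk. The difference was already in the text, but once both are marked up as acronyms they read as two distinct terms; suggest settling on one spelling in this pass or in a follow-up.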
> @@ -1037,7 +1037,7 @@
>
> <para>If there are multiple access points and you want to
> select a specific one, you can select it by its
> - SSID:</para>
> + <acronym>SSID</acronym>:</para>
>
> <programlisting>ifconfig_ath0="ssid <replaceable>your_ssid_here</replaceable> DHCP"</programlisting>
>
> @@ -1045,8 +1045,8 @@
> points with the same SSID (often done to simplify
> roaming) it may be necessary to associate to one
> specific device. In this case you can also specify the
> - BSSID of the access point (you can also leave off the
> - SSID):</para>
> + <acronym>BSSID</acronym> of the access point (you can also leave off the
> + <acronym>SSID</acronym>):</para>
>
> <programlisting>ifconfig_ath0="ssid <replaceable>your_ssid_here</replaceable> bssid <replaceable>xx:xx:xx:xx:xx:xx</replaceable> DHCP"</programlisting>
>
> @@ -1084,16 +1084,16 @@
> Other schemes require cryptographic handshakes be
> completed before data traffic can flow; either using
> pre-shared keys or secrets, or more complex schemes that
> - involve backend services such as RADIUS. Most users
> + involve backend services such as <acronym>RADIUS</acronym>. Most users
> will use open authentication which is the default
> - setting. Next most common setup is WPA-PSK, also known
> - as WPA Personal, which is described <link
> + setting. Next most common setup is <acronym>WPA-PSK</acronym>, also known
> + as <acronym>WPA</acronym> Personal, which is described <link
> linkend="network-wireless-wpa-wpa-psk">below</link>.</para>
>
> <note>
> <para>If you have an &apple; &airport; Extreme base
> station for an access point you may need to configure
> - shared-key authentication together with a WEP key.
> + shared-key authentication together with a <acronym>WEP</acronym> key.
> This can be done in the
> <filename>/etc/rc.conf</filename> file or using the
> &man.wpa.supplicant.8; program. If you have a single
> @@ -1103,12 +1103,12 @@
> <programlisting>ifconfig_ath0="authmode shared wepmode on weptxkey <replaceable>1</replaceable> wepkey <replaceable>01234567</replaceable> DHCP"</programlisting>
>
> <para>In general shared key authentication is to be
> - avoided because it uses the WEP key material in a
> + avoided because it uses the <acronym>WEP</acronym> key material in a
> highly-constrained manner making it even easier to
> - crack the key. If WEP must be used (e.g., for
> + crack the key. If <acronym>WEP</acronym> must be used (e.g., for
> compatibility with legacy devices) it is better to use
> - WEP with <literal>open</literal> authentication. More
> - information regarding WEP can be found in the <xref
> + <acronym>WEP</acronym> with <literal>open</literal> authentication. More
> + information regarding <acronym>WEP</acronym> can be found in the <xref
> linkend="network-wireless-wep">.</para>
> </note>
> </sect5>
> @@ -1119,7 +1119,7 @@
> <para>Once you have selected an access point and set the
> authentication parameters, you will have to get an IP
> address to communicate. Most of time you will obtain
> - your wireless IP address via DHCP. To achieve that,
> + your wireless IP address via <acronym>DHCP</acronym>. To achieve that,
> simply edit <filename>/etc/rc.conf</filename> and add
> <literal>DHCP</literal> to the configuration for your
> device as shown in various examples above:</para>
> @@ -1149,7 +1149,7 @@
> are connected to the wireless network (to the
> <literal>dlinkap</literal> network in our case). The
> <literal>bssid 00:13:46:49:41:76</literal> part is the
> - MAC address of your access point; the
> + <acronym>MAC</acronym> address of your access point; the
> <literal>authmode</literal> line informs you that the
> communication is not encrypted
> (<literal>OPEN</literal>).</para>
> @@ -1159,7 +1159,7 @@
> <title>Static IP Address</title>
>
> <para>In the case you cannot obtain an IP address from a
> - DHCP server, you can set a fixed IP address. Replace
> + <acronym>DHCP</acronym> server, you can set a fixed IP address. Replace
> the <literal>DHCP</literal> keyword shown above with the
> address information. Be sure to retain any other
> parameters you have set up for selecting an access
> @@ -1172,34 +1172,34 @@
> <sect4 id="network-wireless-wpa">
> <title>WPA</title>
>
> - <para>WPA (Wi-Fi Protected Access) is a security protocol
> + <para><acronym>WPA</acronym> (Wi-Fi Protected Access) is a security protocol
> used together with 802.11 networks to address the lack of
> proper authentication and the weakness of <link
> - linkend="network-wireless-wep">WEP</link>. WPA leverages
> + linkend="network-wireless-wep">WEP</link>. <acronym>WPA</acronym> leverages
> the 802.1X authentication protocol and uses one of several
> - ciphers instead of WEP for data integrity. The only
> - cipher required by WPA is TKIP (Temporary Key Integrity
> + ciphers instead of <acronym>WEP</acronym> for data integrity. The only
> + cipher required by <acronym>WPA</acronym> is <acronym>TKIP</acronym> (Temporary Key Integrity
> Protocol) which is a cipher that extends the basic RC4
> - cipher used by WEP by adding integrity checking, tamper
> + cipher used by <acronym>WEP</acronym> by adding integrity checking, tamper
> detection, and measures for responding to any detected
> - intrusions. TKIP is designed to work on legacy hardware
> + intrusions. <acronym>TKIP</acronym> is designed to work on legacy hardware
> with only software modification; it represents a
> compromise that improves security but is still not
> - entirely immune to attack. WPA also specifies the
> - AES-CCMP cipher as an alternative to TKIP and that is
> + entirely immune to attack. <acronym>WPA</acronym> also specifies the
> + <acronym>AES-CCMP</acronym> cipher as an alternative to <acronym>TKIP</acronym> and that is
> preferred when possible; for this specification the term
> - WPA2 (or RSN) is commonly used.</para>
> -
> - <para>WPA defines authentication and encryption protocols.
> + <acronym>WPA2</acronym> (or <acronym>RSN</acronym>) is commonly used.</para>
> +
> + <para><acronym>WPA</acronym> defines authentication and encryption protocols.
> Authentication is most commonly done using one of two
> techniques: by 802.1X and a backend authentication service
> - such as RADIUS, or by a minimal handshake between the
> + such as <acronym>RADIUS</acronym>, or by a minimal handshake between the
> station and the access point using a pre-shared secret.
> - The former is commonly termed WPA Enterprise with the
> - latter known as WPA Personal. Since most people will not
> - set up a RADIUS backend server for wireless network,
> - WPA-PSK is by far the most commonly encountered
> - configuration for WPA.</para>
> + The former is commonly termed <acronym>WPA</acronym> Enterprise with the
> + latter known as <acronym>WPA</acronym> Personal. Since most people will not
> + set up a <acronym>RADIUS</acronym> backend server for wireless network,
> + <acronym>WPA-PSK</acronym> is by far the most commonly encountered
> + configuration for <acronym>WPA</acronym>.</para>
>
> <para>The control of the wireless connection and the
> authentication (key negotiation or authentication with a
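Review bot: The blank line between the two paragraphs, right after the `WPA2 (or RSN) is commonly used.</para>` line, is removed and re-added as a bare `-`/`+` pair, which suggests a whitespace-only change riding along with the markup. The same pair appears in the EAP-TLS and EAP-PEAP hunks. Suggest leaving those lines untouched so the diff carries only the tagging.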
> @@ -1212,11 +1212,11 @@
> <sect5 id="network-wireless-wpa-wpa-psk">
> <title>WPA-PSK</title>
>
> - <para>WPA-PSK also known as WPA-Personal is based on a
> - pre-shared key (PSK) generated from a given password and
> + <para><acronym>WPA-PSK</acronym> also known as WPA-Personal is based on a
> + pre-shared key (<acronym>PSK</acronym>) generated from a given password and
> that will be used as the master key in the wireless
> network. This means every wireless user will share the
> - same key. WPA-PSK is intended for small networks where
> + same key. <acronym>WPA-PSK</acronym> is intended for small networks where
> the use of an authentication server is not possible or
> desired.</para>
>
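Review bot: On the first added line, `<acronym>WPA-PSK</acronym> also known as WPA-Personal`, the second name is left unmarked, while the EAP-TLS section writes it as `<acronym>WPA</acronym>-Personal`. Suggest tagging it the same way here so the two sections match.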
> @@ -1237,8 +1237,8 @@
>
> <para>Then, in <filename>/etc/rc.conf</filename>, we
> indicate that the wireless device configuration will be
> - done with WPA and the IP address will be obtained with
> - DHCP:</para>
> + done with <acronym>WPA</acronym> and the IP address will be obtained with
> + <acronym>DHCP</acronym>:</para>
>
> <programlisting>ifconfig_ath0="WPA DHCP"</programlisting>
>
> @@ -1274,7 +1274,7 @@
>
> <para>The next operation is the launch of the
> <command>dhclient</command> command to get the IP
> - address from the DHCP server:</para>
> + address from the <acronym>DHCP</acronym> server:</para>
>
> <screen>&prompt.root; <userinput>dhclient <replaceable>ath0</replaceable></userinput>
> DHCPREQUEST on ath0 to 255.255.255.255 port 67
> @@ -1301,7 +1301,7 @@
> keys.</para>
> </note>
>
> - <para>In the case where the use of DHCP is not possible,
> + <para>In the case where the use of <acronym>DHCP</acronym> is not possible,
> you can set a static IP address after
> <command>wpa_supplicant</command> has authenticated the
> station:</para>
> @@ -1318,7 +1318,7 @@
> authmode WPA privacy ON deftxkey UNDEF TKIP 2:128-bit txpowmax 36
> protmode CTS roaming MANUAL bintval 100</screen>
>
> - <para>When DHCP is not used, you also have to manually set
> + <para>When <acronym>DHCP</acronym> is not used, you also have to manually set
> up the default gateway and the nameserver:</para>
>
> <screen>&prompt.root; <userinput>route add default <replaceable>your_default_router</replaceable></userinput>
> @@ -1328,29 +1328,29 @@
> <sect5 id="network-wireless-wpa-eap-tls">
> <title>WPA with EAP-TLS</title>
>
> - <para>The second way to use WPA is with an 802.1X backend
> - authentication server, in this case WPA is called
> - WPA-Enterprise to make difference with the less secure
> - WPA-Personal with its pre-shared key. The
> - authentication in WPA-Enterprise is based on EAP
> + <para>The second way to use <acronym>WPA</acronym> is with an 802.1X backend
> + authentication server, in this case <acronym>WPA</acronym> is called
> + <acronym>WPA</acronym>-Enterprise to make difference with the less secure
> + <acronym>WPA</acronym>-Personal with its pre-shared key. The
> + authentication in <acronym>WPA</acronym>-Enterprise is based on <acronym>EAP</acronym>
> (Extensible Authentication Protocol).</para>
>
> - <para>EAP does not come with an encryption method, it was
> - decided to embed EAP inside an encrypted tunnel. Many
> - types of EAP authentication methods have been designed,
> - the most common methods are EAP-TLS, EAP-TTLS and
> - EAP-PEAP.</para>
> -
> - <para>EAP-TLS (EAP with Transport Layer Security) is a
> + <para><acronym>EAP</acronym> does not come with an encryption method, it was
> + decided to embed <acronym>EAP</acronym> inside an encrypted tunnel. Many
> + types of <acronym>EAP</acronym> authentication methods have been designed,
> + the most common methods are <acronym>EAP-TLS</acronym>, <acronym>EAP-TTLS</acronym> and
> + <acronym>EAP-PEAP</acronym>.</para>
> +
> + <para><acronym>EAP-TLS</acronym> (<acronym>EAP</acronym> with Transport Layer Security) is a
> very well-supported authentication protocol in the
> - wireless world since it was the first EAP method to be
> + wireless world since it was the first <acronym>EAP</acronym> method to be
> certified by the <ulink
> url="http://www.wi-fi.org/">Wi-Fi alliance</ulink>.
> - EAP-TLS will require three certificates to run: the CA
> + <acronym>EAP-TLS</acronym> will require three certificates to run: the <acronym>CA</acronym>
> certificate (installed on all machines), the server
> certificate for your authentication server, and one
> client certificate for each wireless client. In this
> - EAP method, both authentication server and wireless
> + <acronym>EAP</acronym> method, both authentication server and wireless
> client authenticate each other in presenting their
> respective certificates, and they verify that these
> certificates were signed by your organization's
> @@ -1378,30 +1378,30 @@
> </callout>
>
> <callout arearefs="co-tls-proto">
> - <para>Here, we use RSN (IEEE 802.11i) protocol, i.e.,
> + <para>Here, we use <acronym>RSN</acronym> (<acronym>IEEE</acronym> 802.11i) protocol, i.e.,
> WPA2.</para>
> </callout>
>
> <callout arearefs="co-tls-kmgmt">
> <para>The <literal>key_mgmt</literal> line refers to
> the key management protocol we use. In our case it
> - is WPA using EAP authentication:
> + is <acronym>WPA</acronym> using <acronym>EAP</acronym> authentication:
> <literal>WPA-EAP</literal>.</para>
> </callout>
>
> <callout arearefs="co-tls-eap">
> - <para>In this field, we mention the EAP method for our
> + <para>In this field, we mention the <acronym>EAP</acronym> method for our
> connection.</para>
> </callout>
>
> <callout arearefs="co-tls-id">
> <para>The <literal>identity</literal> field contains
> - the identity string for EAP.</para>
> + the identity string for <acronym>EAP</acronym>.</para>
> </callout>
>
> <callout arearefs="co-tls-cacert">
> <para>The <literal>ca_cert</literal> field indicates
> - the pathname of the CA certificate file. This file
> + the pathname of the <acronym>CA</acronym> certificate file. This file
> is needed to verify the server certificat.</para>
> </callout>
>
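Review bot: `WPA2.</para>` on the context line directly after the changed `<acronym>RSN</acronym> (<acronym>IEEE</acronym> 802.11i)` line stays untagged, although the WPA introduction wraps it as `<acronym>WPA2</acronym> (or <acronym>RSN</acronym>)`. Suggest tagging it here as well. Separately, the unchanged line `is needed to verify the server certificat.</para>` carries a typo that recurs in the EAP-TTLS and EAP-PEAP callouts; that fix belongs in its own commit.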
> @@ -1457,13 +1457,13 @@
> <sect5 id="network-wireless-wpa-eap-ttls">
> <title>WPA with EAP-TTLS</title>
>
> - <para>With EAP-TLS both the authentication server and the
> - client need a certificate, with EAP-TTLS (EAP-Tunneled
> + <para>With <acronym>EAP-TLS</acronym> both the authentication server and the
> + client need a certificate, with <acronym>EAP-TTLS</acronym> (<acronym>EAP</acronym>-Tunneled
> Transport Layer Security) a client certificate is
> optional. This method is close to what some secure web
> - sites do , where the web server can create a secure SSL
> + sites do, where the web server can create a secure <acronym>SSL</acronym>
> tunnel even if the visitors do not have client-side
> - certificates. EAP-TTLS will use the encrypted TLS
> + certificates. <acronym>EAP-TTLS</acronym> will use the encrypted <acronym>TLS</acronym>
> tunnel for safe transport of the authentication
> data.</para>
>
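Review bot: The added line `sites do, where the web server can create a secure <acronym>SSL</acronym>` also removes the stray space in `do , where`, which is a text change rather than markup. It is harmless, but anyone diffing translations against this revision will see a content change mixed into a tagging-only patch; suggest committing the punctuation fix separately or mentioning it in the log message.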
> @@ -1484,31 +1484,31 @@
>
> <calloutlist>
> <callout arearefs="co-ttls-eap">
> - <para>In this field, we mention the EAP method for our
> + <para>In this field, we mention the <acronym>EAP</acronym> method for our
> connection.</para>
> </callout>
>
> <callout arearefs="co-ttls-id">
> <para>The <literal>identity</literal> field contains
> - the identity string for EAP authentication inside
> - the encrypted TLS tunnel.</para>
> + the identity string for <acronym>EAP</acronym> authentication inside
> + the encrypted <acronym>TLS</acronym> tunnel.</para>
> </callout>
>
> <callout arearefs="co-ttls-passwd">
> <para>The <literal>password</literal> field contains
> - the passphrase for the EAP authentication.</para>
> + the passphrase for the <acronym>EAP</acronym> authentication.</para>
> </callout>
>
> <callout arearefs="co-ttls-cacert">
> <para>The <literal>ca_cert</literal> field indicates
> - the pathname of the CA certificate file. This file
> + the pathname of the <acronym>CA</acronym> certificate file. This file
> is needed to verify the server certificat.</para>
> </callout>
>
> <callout arearefs="co-ttls-pha2">
> <para>In this field, we mention the authentication
> - method used in the encrypted TLS tunnel. In our
> - case, EAP with MD5-Challenge has been used. The
> + method used in the encrypted <acronym>TLS</acronym> tunnel. In our
> + case, <acronym>EAP</acronym> with <acronym>MD5</acronym>-Challenge has been used. The
> <quote>inner authentication</quote> phase is often
> called <quote>phase2</quote>.</para>
> </callout>
> @@ -1542,29 +1542,29 @@
> <sect5 id="network-wireless-wpa-eap-peap">
> <title>WPA with EAP-PEAP</title>
>
> - <para>PEAP (Protected EAP) has been designed as an
> - alternative to EAP-TTLS. There are two types of PEAP
> - methods, the most common one is PEAPv0/EAP-MSCHAPv2. In
> - the rest of this document, we will use the PEAP term to
> - refer to that EAP method. PEAP is the most used EAP
> - standard after EAP-TLS, in other words if you have a
> - network with mixed OSes, PEAP should be the most
> - supported standard after EAP-TLS.</para>
> -
> - <para>PEAP is similar to EAP-TTLS: it uses a server-side
> + <para><acronym>PEAP</acronym> (Protected <acronym>EAP)</acronym> has been designed as an
> + alternative to <acronym>EAP-TTLS</acronym>. There are two types of <acronym>PEAP</acronym>
> + methods, the most common one is <acronym>PEAPv0</acronym>/<acronym>EAP-MSCHAPv2</acronym>. In
> + the rest of this document, we will use the <acronym>PEAP</acronym> term to
> + refer to that <acronym>EAP</acronym> method. <acronym>PEAP</acronym> is the most used <acronym>EAP</acronym>
> + standard after <acronym>EAP-TLS</acronym>, in other words if you have a
> + network with mixed OSes, <acronym>PEAP</acronym> should be the most
> + supported standard after <acronym>EAP-TLS</acronym>.</para>
> +
> + <para><acronym>PEAP</acronym> is similar to <acronym>EAP-TTLS</acronym>: it uses a server-side
> certificate to authenticate clients by creating an
> - encrypted TLS tunnel between the client and the
> + encrypted <acronym>TLS</acronym> tunnel between the client and the
> authentication server, which protects the ensuing
> exchange of authentication information. In term of
> - security the difference between EAP-TTLS and PEAP is
> - that PEAP authentication broadcasts the username in
> - clear, only the password is sent in the encrypted TLS
> - tunnel. EAP-TTLS will use the TLS tunnel for both
> + security the difference between <acronym>EAP-TTLS</acronym> and <acronym>PEAP</acronym> is
> + that <acronym>PEAP</acronym> authentication broadcasts the username in
> + clear, only the password is sent in the encrypted <acronym>TLS</acronym>
> + tunnel. <acronym>EAP-TTLS</acronym> will use the <acronym>TLS</acronym> tunnel for both
> username and password.</para>
>
> <para>We have to edit the
> <filename>/etc/wpa_supplicant.conf</filename> file and
> - add the EAP-PEAP related settings:</para>
> + add the <acronym>EAP-PEAP</acronym> related settings:</para>
>
> <programlisting>network={
> ssid="freebsdap"
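Review bot: The closing parenthesis ended up inside the element on the first added line: `(Protected <acronym>EAP)</acronym>` should be `(Protected <acronym>EAP</acronym>)`. As written, the element content is `EAP)` and the parenthesis will be rendered as part of the acronym.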
> @@ -1580,30 +1580,30 @@
>
> <calloutlist>
> <callout arearefs="co-peap-eap">
> - <para>In this field, we mention the EAP method for our
> + <para>In this field, we mention the <acronym>EAP</acronym> method for our
> connection.</para>
> </callout>
>
> <callout arearefs="co-peap-id">
> <para>The <literal>identity</literal> field contains
> - the identity string for EAP authentication inside
> - the encrypted TLS tunnel.</para>
> + the identity string for <acronym>EAP</acronym> authentication inside
> + the encrypted <acronym>TLS</acronym> tunnel.</para>
> </callout>
>
> <callout arearefs="co-peap-passwd">
> <para>The <literal>password</literal> field contains
> - the passphrase for the EAP authentication.</para>
> + the passphrase for the <acronym>EAP</acronym> authentication.</para>
> </callout>
>
> <callout arearefs="co-peap-cacert">
> <para>The <literal>ca_cert</literal> field indicates
> - the pathname of the CA certificate file. This file
> + the pathname of the <acronym>CA</acronym> certificate file. This file
> is needed to verify the server certificat.</para>
> </callout>
>
> <callout arearefs="co-peap-pha1">
> <para>This field contains the parameters for the
> - first phase of the authentication (the TLS
> + first phase of the authentication (the <acronym>TLS</acronym>
> tunnel). According to the authentication server
> used, you will have to specify a specific label
> for the authentication. Most of time, the label
> @@ -1615,8 +1615,8 @@
>
> <callout arearefs="co-peap-pha2">
> <para>In this field, we mention the authentication
> - protocol used in the encrypted TLS tunnel. In the
> - case of PEAP, it is
> + protocol used in the encrypted <acronym>TLS</acronym> tunnel. In the
> + case of <acronym>PEAP</acronym>, it is
> <literal>auth=MSCHAPV2</literal>.</para>
> </callout>
> </calloutlist>
> @@ -1650,7 +1650,7 @@
> <sect4 id="network-wireless-wep">
> <title>WEP</title>
>
> - <para>WEP (Wired Equivalent Privacy) is part of the original
> + <para><acronym>WEP</acronym> (Wired Equivalent Privacy) is part of the original
> 802.11 standard. There is no authentication mechanism,
> only a weak form of access control, and it is easily to be
> cracked.</para>
> @@ -1663,7 +1663,7 @@
>
> <itemizedlist>
> <listitem>
> - <para>The <literal>weptxkey</literal> means which WEP
> + <para>The <literal>weptxkey</literal> means which <acronym>WEP</acronym>
> key will be used in the transmission. Here we used the
> third key. This must match the setting in the access
> point. If you do not have any idea of what is the key
> @@ -1674,7 +1674,7 @@
>
> <listitem>
> <para>The <literal>wepkey</literal> means setting the
> - selected WEP key. It should in the format
> + selected <acronym>WEP</acronym> key. It should in the format
> <replaceable>index:key</replaceable>, if the index is
> not given, key <literal>1</literal> is set. That is
> to say we need to set the index if we use keys other
> @@ -1692,7 +1692,7 @@
> page for further information.</para>
>
> <para>The <command>wpa_supplicant</command> facility also
> - can be used to configure your wireless interface with WEP.
> + can be used to configure your wireless interface with <acronym>WEP</acronym>.
> The example above can be set up by adding the following
> lines to
> <filename>/etc/wpa_supplicant.conf</filename>:</para>
> @@ -1716,11 +1716,11 @@
> <sect2>
> <title>Ad-hoc Mode</title>
>
> - <para>IBSS mode, also called ad-hoc mode, is designed for point
> + <para><acronym>IBSS</acronym> mode, also called ad-hoc mode, is designed for point
> to point connections. For example, to establish an ad-hoc
> network between the machine <hostid>A</hostid> and the machine
> <hostid>B</hostid> we will just need to choose two IP adresses
> - and a SSID.</para>
> + and a <acronym>SSID</acronym>.</para>
>
> <para>On the box <hostid>A</hostid>:</para>
>
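Review bot: in the ad-hoc paragraph "IP" stays bare in "two IP adresses" while SSID on the next line is tagged, and the @@ -1944 hunk of this same patch does tag ASCII. Either tag IP here as well or state in the commit message which acronyms are deliberately left alone. The context line also carries the typo "adresses", which is worth fixing while the paragraph is open.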
> @@ -1736,7 +1736,7 @@
> authmode OPEN privacy OFF txpowmax 36 protmode CTS bintval 100</screen>
>
> <para>The <literal>adhoc</literal> parameter indicates the
> - interface is running in the IBSS mode.</para>
> + interface is running in the <acronym>IBSS</acronym> mode.</para>
>
> <para>On <hostid>B</hostid>, we should be able to detect
> <hostid>A</hostid>:</para>
> @@ -1769,14 +1769,14 @@
> <title>&os; Host Access Points</title>
>
> <para>&os; can act as an Access Point (AP) which eliminates the
> - need to buy a hardware AP or run an ad-hoc network. This can be
> + need to buy a hardware <acronym>AP</acronym> or run an ad-hoc network. This can be
> particularly useful when your &os; machine is acting as a
> gateway to another network (e.g., the Internet).</para>
>
> <sect3 id="network-wireless-ap-basic">
> <title>Basic Settings</title>
>
> - <para>Before configuring your &os; machine as an AP, the
> + <para>Before configuring your &os; machine as an <acronym>AP</acronym>, the
> kernel must be configured with the appropriate wireless
> networking support for your wireless card. You also have to
> add the support for the security protocols you intend to
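Review bot: the defining occurrence in "&os; can act as an Access Point (AP)" is left untagged, while the later uses on the changed lines are wrapped. If only some occurrences are to be marked, the one to mark is the parenthesised definition, because that is where a reader first meets the term. Suggest also changing that context line to "Access Point (<acronym>AP</acronym>)".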
> @@ -1785,8 +1785,8 @@
>
> <note>
> <para>The use of the NDIS driver wrapper and the &windows;
> - drivers do not allow currently the AP operation. Only
> - native &os; wireless drivers support AP mode.</para>
> + drivers do not allow currently the <acronym>AP</acronym> operation. Only
> + native &os; wireless drivers support <acronym>AP</acronym> mode.</para>
> </note>
>
> <para>Once the wireless networking support is loaded, you can
> @@ -1799,12 +1799,12 @@
> <para>This output displays the card capabilities; the
> <literal>HOSTAP</literal> word confirms this wireless card
> can act as an Access Point. Various supported ciphers are
> - also mentioned: WEP, TKIP, WPA2, etc., these informations
> + also mentioned: <acronym>WEP</acronym>, <acronym>TKIP</acronym>, <acronym>WPA2</acronym>, etc., these informations
> are important to know what security protocols could be set
> on the Access Point.</para>
>
> <para>The wireless device can now be put into hostap mode and
> - configured with the correct SSID and IP address:</para>
> + configured with the correct <acronym>SSID</acronym> and IP address:</para>
>
> <screen>&prompt.root; <userinput>ifconfig <replaceable>ath0</replaceable> ssid <replaceable>freebsdap</replaceable> mode 11g mediaopt hostap</userinput> inet <replaceable>192.168.0.1</replaceable> netmask <replaceable>255.255.255.0</replaceable></screen>
>
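Review bot: the changed cipher line keeps "etc., these informations are important to know", which is a comma splice with a non-countable noun in the plural. As the line is touched anyway, split it and write "This information is important for knowing which security protocols can be set on the Access Point." The paragraph below it tags SSID but leaves "IP address" bare, the same inconsistency as in the ad-hoc hunk.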
> @@ -1836,12 +1836,12 @@
> <title>Host-based Access Point without Authentication or
> Encryption</title>
>
> - <para>Although it is not recommended to run an AP without any
> + <para>Although it is not recommended to run an <acronym>AP</acronym> without any
> authentication or encryption, this is a simple way to check
> - if your AP is working. This configuration is also important
> + if your <acronym>AP</acronym> is working. This configuration is also important
> for debugging client issues.</para>
>
> - <para>Once the AP configured as previously shown, it is
> + <para>Once the <acronym>AP</acronym> configured as previously shown, it is
> possible from another wireless machine to initiate a scan to
> find the AP:</para>
>
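Review bot: the last paragraph of this hunk is only half converted. "Once the <acronym>AP</acronym> configured" is tagged, but the sentence ends with a bare "find the AP:" two lines later. Tag that occurrence too, or the paragraph renders the same term two different ways. The changed line also lacks a verb: "Once the AP is configured as previously shown".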
> @@ -1868,17 +1868,17 @@
> <title>WPA Host-based Access Point</title>
>
> <para>This section will focus on setting up &os; Access Point
> - using the WPA security protocol. More details regarding WPA
> - and the configuration of WPA-based wireless clients can be
> + using the <acronym>WPA</acronym> security protocol. More details regarding <acronym>WPA</acronym>
> + and the configuration of <acronym>WPA</acronym>-based wireless clients can be
> found in the <xref linkend="network-wireless-wpa">.</para>
>
> <para>The <application>hostapd</application> daemon is used to
> deal with client authentication and keys management on the
> - WPA enabled Access Point.</para>
> + <acronym>WPA</acronym> enabled Access Point.</para>
>
> <para>In the following, all the configuration operations will
> - be performed on the &os; machine acting as AP. Once the
> - AP is correctly working, <application>hostapd</application>
> + be performed on the &os; machine acting as <acronym>AP</acronym>. Once the
> + <acronym>AP</acronym> is correctly working, <application>hostapd</application>
> should be automatically enabled at boot with the following
> line in <filename>/etc/rc.conf</filename>:</para>
>
> @@ -1892,7 +1892,7 @@
> <sect4>
> <title>WPA-PSK</title>
>
> - <para>WPA-PSK is intended for small networks where the use
> + <para><acronym>WPA-PSK</acronym> is intended for small networks where the use
> of an backend authentication server is not possible or
> desired.</para>
>
> @@ -1944,14 +1944,14 @@
>
> <callout arearefs="co-ap-wpapsk-wpa">
> <para>The <literal>wpa</literal> field enables WPA and
> - specifies which WPA authentication protocol will be
> + specifies which <acronym>WPA</acronym> authentication protocol will be
> required. A value of <literal>1</literal> configures the
> AP for WPA-PSK.</para>
> </callout>
>
> <callout arearefs="co-ap-wpapsk-pass">
> <para>The <literal>wpa_passphrase</literal> field
> - contains the ASCII passphrase for the WPA
> + contains the <acronym>ASCII</acronym> passphrase for the <acronym>WPA</acronym>
> authentication.</para>
>
> <warning>
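Review bot: in the <literal>wpa</literal> callout only the middle occurrence is tagged. "enables WPA" on the line above and "AP for WPA-PSK" two lines below are left bare, although AP and WPA-PSK are wrapped elsewhere in the patch. Tag all three so the callout is consistent. It is also worth deciding once whether WPA-PSK is a single <acronym> element, as in the @@ -1892 hunk, or WPA and PSK tagged separately.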
> @@ -1964,17 +1964,17 @@
> <callout arearefs="co-ap-wpapsk-kmgmt">
> <para>The <literal>wpa_key_mgmt</literal> line refers to
> the key management protocol we use. In our case it is
> - WPA-PSK.</para>
> + <acronym>WPA-PSK</acronym>.</para>
> </callout>
>
> <callout arearefs="co-ap-wpapsk-pwise">
> <para>The <literal>wpa_pairwise</literal> field
> indicates the set of accepted encryption algorithms by
> - the Access Point. Here both TKIP (WPA) and CCMP
> - (WPA2) ciphers are accepted. CCMP cipher is an
> - alternative to TKIP and that is strongly preferred
> - when possible; TKIP should be used solely for stations
> - incapable of doing CCMP.</para>
> + the Access Point. Here both <acronym>TKIP</acronym> (<acronym>WPA</acronym>) and <acronym>CCMP</acronym>
> + (<acronym>WPA2</acronym>) ciphers are accepted. <acronym>CCMP</acronym> cipher is an
> + alternative to <acronym>TKIP</acronym> and that is strongly preferred
> + when possible; <acronym>TKIP</acronym> should be used solely for stations
> + incapable of doing <acronym>CCMP</acronym>.</para>
> </callout>
> </calloutlist>
>
> @@ -1996,7 +1996,7 @@
> <para>The Access Point is running, the clients can now be
> associated with it, see <xref
> linkend="network-wireless-wpa"> for more details. It is
> - possible to see the stations associated with the AP using
> + possible to see the stations associated with the <acronym>AP</acronym> using
> the <command>ifconfig <replaceable>ath0</replaceable> list
> sta</command> command.</para>
> </sect4>
> @@ -2005,22 +2005,22 @@
> <sect3>
> <title>WEP Host-based Access Point</title>
>
> - <para>It is not recommended to use WEP for setting up an
> + <para>It is not recommended to use <acronym>WEP</acronym> for setting up an
> Access Point since there is no authentication mechanism and
> it is easily to be cracked. Some legacy wireless cards only
> - support WEP as security protocol, these cards will only
> - allow to set up AP without authentication or encryption or
> - using the WEP protocol.</para>
> + support <acronym>WEP</acronym> as security protocol, these cards will only
> + allow to set up <acronym>AP</acronym> without authentication or encryption or
> + using the <acronym>WEP</acronym> protocol.</para>
>
> <para>The wireless device can now be put into hostap mode and
> - configured with the correct SSID and IP address:</para>
> + configured with the correct <acronym>SSID</acronym> and IP address:</para>
>
> <screen>&prompt.root; <userinput>ifconfig <replaceable>ath0</replaceable> ssid <replaceable>freebsdap</replaceable> wepmode on weptxkey 3 wepkey 3:0x3456789012 mode 11g mediaopt hostap \
> inet <replaceable>192.168.0.1</replaceable> netmask <replaceable>255.255.255.0</replaceable></userinput></screen>
>
> <itemizedlist>
> <listitem>
> - <para>The <literal>weptxkey</literal> means which WEP
> + <para>The <literal>weptxkey</literal> means which <acronym>WEP</acronym>
> key will be used in the transmission. Here we used the
> third key (note that the key numbering starts with
> <literal>1</literal>). This parameter must be specified
> @@ -2029,7 +2029,7 @@
>
> <listitem>
> <para>The <literal>wepkey</literal> means setting the
> - selected WEP key. It should in the format
> + selected <acronym>WEP</acronym> key. It should in the format
> <replaceable>index:key</replaceable>, if the index is
> not given, key <literal>1</literal> is set. That is
> to say we need to set the index if we use keys other
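Review bot: the changed line repeats the "It should in the format" wording that also appears in the @@ -1674 hunk. Both copies of this <literal>wepkey</literal> list item should get the same fix, "It should be in the format", so the client and access point sections do not drift apart.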
> @@ -2084,7 +2084,7 @@
> access point. This includes the authentication scheme and
> any security protocols. Simplify your configuration as
> much as possible. If you are using a security protocol
> - such as WPA or WEP configure the access point for open
> + such as <acronym>WPA</acronym> or <acronym>WEP</acronym> configure the access point for open
> authentication and no security to see if you can get
> traffic to pass.</para>
> </listitem>
> @@ -3245,7 +3245,7 @@
> <varlistentry><term>lacp</term>
>
> <listitem>
> - <para>Supports the IEEE 802.3ad Link Aggregation Control Protocol
> + <para>Supports the <acronym>IEEE</acronym> 802.3ad Link Aggregation Control Protocol
> (LACP) and the Marker Protocol. LACP will negotiate a set of
> aggregable links with the peer in to one or more Link Aggregated
> Groups. Each LAG is composed of ports of the same speed, set to
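Review bot: on the lacp entry only IEEE is wrapped. "(LACP)", the second "LACP" and "LAG" in the same paragraph are left as plain text, even though LACP is expanded right there. If the goal is to mark up acronyms in this chapter, tag these as well. If the link aggregation section is out of scope for a wlan patch, drop this hunk and keep the change confined to the wireless sections.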
> %%%
>