docs/160269: [patch] Handbook wireless section: sand off some rough edges

Benjamin Kaduk kaduk at MIT.EDU
Mon Aug 29 02:16:02 UTC 2011


With all due respect to Garrett [but not his mail client's handling of 
whitespace],

On Mon, 29 Aug 2011, Warren Block wrote:

>
> --- en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml.orig	2011-08-28 17:57:28.000000000 -0600
> +++ en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml	2011-08-28 18:35:33.000000000 -0600
> @@ -1380,16 +1380,16 @@
> 	    <title>WPA with EAP-TLS</title>
>
> 	    <para>The second way to use WPA is with an 802.1X backend
> -	      authentication server, in this case WPA is called
> -	      WPA-Enterprise to make difference with the less secure
> -	      WPA-Personal with its pre-shared key.  The
> -	      authentication in WPA-Enterprise is based on EAP
> +	      authentication server.  In this case WPA is called
> +	      WPA-Enterprise to differentiate it from the less secure
> +	      WPA-Personal with its pre-shared key.
> +	      Authentication in WPA-Enterprise is based on EAP
> 	      (Extensible Authentication Protocol).</para>

This doesn't feel quite right; I would use "is based on the Extensible 
Authentication Protocol (EAP)."

>
> 	    <para>EAP does not come with an encryption method, it was
> 	      decided to embed EAP inside an encrypted tunnel.  Many
> -	      types of EAP authentication methods have been designed,
> -	      the most common methods are EAP-TLS, EAP-TTLS and
> +	      types of EAP authentication methods have been designed.
> +	      The most common methods are EAP-TLS, EAP-TTLS and
> 	      EAP-PEAP.</para>
>
> 	    <para>EAP-TLS (EAP with Transport Layer Security) is a
> @@ -1610,9 +1610,9 @@
> 	      certificate to authenticate clients by creating an
> 	      encrypted TLS tunnel between the client and the
> 	      authentication server, which protects the ensuing
> -	      exchange of authentication information.  In term of
> +	      exchange of authentication information.  In terms of
> 	      security the difference between EAP-TTLS and PEAP is
> -	      that PEAP authentication broadcasts the username in
> +	      that PEAP authentication broadcasts the username in the
> 	      clear, only the password is sent in the encrypted TLS
> 	      tunnel.  EAP-TTLS will use the TLS tunnel for both

As Garrett mentions, this sentence is getting pretty long.
I would put a comma after "security", and a linking word before "only the 
password is sent ...".  Maybe "meaning", or "so that".

> 	      username and password.</para>
> @@ -1661,7 +1661,7 @@
> 		  first phase of the authentication (the TLS
> 		  tunnel).  According to the authentication server
> 		  used, you will have to specify a specific label
> -		  for the authentication.  Most of time, the label
> +		  for the authentication.  Most of the time, the label

I think the "the" in "the authentication" is not needed.

> 		  will be <quote>client EAP encryption</quote> which
> 		  is set by using <literal>peaplabel=0</literal>.
> 		  More information can be found in the
> @@ -1861,8 +1861,8 @@
> 	<para>This output displays the card capabilities; the
> 	  <literal>HOSTAP</literal> word confirms this wireless card
> 	  can act as an Access Point.  Various supported ciphers are
> -	  also mentioned: WEP, TKIP, AES, etc., these informations
> -	  are important to know what security protocols could be set
> +	  also mentioned: WEP, TKIP, AES, etc., this information

I would change this comma to a full stop.  (Maybe a semicolon, but it 
would be a bit odd to have colon and semicolon in such proximity.)

Thanks for assembling all these fixes into a patch!

-Ben Kaduk

> +	  is important to know what security protocols could be set
> 	  on the Access Point.</para>
>
> 	<para>The wireless device can only be put into hostap mode



More information about the freebsd-doc mailing list