Date:      Wed, 10 Dec 2008 22:55:47 +0200
From:      Giorgos Keramidas <keramida@freebsd.org>
To:        freebsd-doc@freebsd.org
Subject:   [PATCH] Adding <acronym> elements to wlan Handbook section
Message-ID:  <871vwfn418.fsf@kobe.laptop>

--=-=-=
Content-Transfer-Encoding: quoted-printable

The wireless networking section is one of those I've been translating
lately, and I noticed that it includes *many* acronyms (AP, BSS, SSID,
IBSS, WPA, WEP, PSK, TKIP, and so on).  The acronyms are practically
everywhere, so adding <acronym> tags to them directly into CVS may not
be a very gentle thing to do.

So here it is, in diff format for your pleasure.  Does anyone have
objections to the patch attached below?

[NOTE: I haven't wrapped any lines, to keep the patch more readable, but
I know already that some of the touched lines may need a bit of wrap &
filling after the patch goes in.]

%%%
diff -r 749797edbbed en_US.ISO8859-1/books/handbook/advanced-networking/cha=
pter.sgml
=2D-- a/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml	Wed=
 Dec 10 22:03:19 2008 +0200
+++ b/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml	Wed D=
ec 10 22:50:29 2008 +0200
@@ -21,7 +21,7 @@
       </listitem>
=20
       <listitem>
=2D	<para>How to set up IEEE 802.11 and &bluetooth; devices.</para>
+	<para>How to set up <acronym>IEEE</acronym> 802.11 and &bluetooth; device=
s.</para>
       </listitem>
=20
       <listitem>
@@ -700,7 +700,7 @@
     <sect2>
       <title>Wireless Networking Basics</title>
=20
=2D      <para>Most wireless networks are based on the IEEE 802.11
+      <para>Most wireless networks are based on the <acronym>IEEE</acronym=
> 802.11
 	standards.  A basic wireless network consists of multiple
 	stations communicating with radios that broadcast in either
 	the 2.4GHz or 5GHz band (though this varies according to the
@@ -710,19 +710,19 @@
       <para>802.11 networks are organized in two ways: in
 	<emphasis>infrastructure mode</emphasis> one station acts as a
 	master with all the other stations associating to it; the
=2D	network is known as a BSS and the master station is termed an
=2D	access point (AP).  In a BSS all communication passes through
=2D	the AP; even when one station wants to communicate with
=2D	another wireless station messages must go through the AP.  In
+	network is known as a <acronym>BSS</acronym> and the master station is te=
rmed an
+	access point (<acronym>AP</acronym>).  In a <acronym>BSS</acronym> all co=
mmunication passes through
+	the <acronym>AP</acronym>; even when one station wants to communicate with
+	another wireless station messages must go through the <acronym>AP</acrony=
m>.  In
 	the second form of network there is no master and stations
=2D	communicate directly.  This form of network is termed an IBSS
+	communicate directly.  This form of network is termed an <acronym>IBSS</a=
cronym>
 	and is commonly known as an <emphasis>ad-hoc
 	network</emphasis>.</para>
=20
       <para>802.11 networks were first deployed in the 2.4GHz band
=2D	using protocols defined by the IEEE 802.11 and 802.11b
+	using protocols defined by the <acronym>IEEE</acronym> 802.11 and 802.11b
 	standard.  These specifications include the operating
=2D	frequencies, MAC layer characteristics including framing and
+	frequencies, <acronym>MAC</acronym> layer characteristics including frami=
ng and
 	transmission rates (communication can be done at various
 	rates).  Later the 802.11a standard defined operation in the
 	5GHz band, including different signalling mechanisms and
@@ -734,51 +734,51 @@
       <para>Separate from the underlying transmission techniques
 	802.11 networks have a variety of security mechanisms.  The
 	original 802.11 specifications defined a simple security
=2D	protocol called WEP. This protocol uses a fixed pre-shared key
+	protocol called <acronym>WEP</acronym>. This protocol uses a fixed pre-sh=
ared key
 	and the RC4 cryptographic cipher to encode data transmitted on
 	a network.  Stations must all agree on the fixed key in order
 	to communicate.  This scheme was shown to be easily broken and
 	is now rarely used except to discourage transient users from
 	joining networks.  Current security practice is given by the
=2D	IEEE 802.11i specification that defines new cryptographic
+	<acronym>IEEE</acronym> 802.11i specification that defines new cryptograp=
hic
 	ciphers and an additional protocol to authenticate stations to
 	an access point and exchange keys for doing data
 	communication.  Further, cryptographic keys are periodically
 	refreshed and there are mechanisms for detecting intrusion
 	attempts (and for countering intrusion attempts).  Another
 	security protocol specification commonly used in wireless
=2D	networks is termed WPA.  This was a precursor to 802.11i
+	networks is termed <acronym>WPA</acronym>.  This was a precursor to 802.1=
1i
 	defined by an industry group as an interim measure while
=2D	waiting for 802.11i to be ratified.  WPA specifies a subset of
+	waiting for 802.11i to be ratified.  <acronym>WPA</acronym> specifies a s=
ubset of
 	the requirements found in 802.11i and is designed for
=2D	implementation on legacy hardware.  Specifically WPA requires
=2D	only the TKIP cipher that is derived from the original WEP
=2D	cipher.  802.11i permits use of TKIP but also requires support
=2D	for a stronger cipher, AES-CCM, for encrypting data.  (The AES
=2D	cipher was not required in WPA because it was deemed too
+	implementation on legacy hardware.  Specifically <acronym>WPA</acronym> r=
equires
+	only the <acronym>TKIP</acronym> cipher that is derived from the original=
 <acronym>WEP</acronym>
+	cipher.  802.11i permits use of <acronym>TKIP</acronym> but also requires=
 support
+	for a stronger cipher, <acronym>AES-CCM</acronym>, for encrypting data.  =
(The <acronym>AES</acronym>
+	cipher was not required in <acronym>WPA</acronym> because it was deemed t=
oo
 	computationally costly to be implemented on legacy
 	hardware.)</para>
=20
       <para>Other than the above protocol standards the other
 	important standard to be aware of is 802.11e.  This defines
 	protocols for deploying multi-media applications such as
=2D	streaming video and voice over IP (VoIP) in an 802.11 network.
+	streaming video and voice over IP (<acronym>VoIP</acronym>) in an 802.11 =
network.
 	Like 802.11i, 802.11e also has a precursor specification
=2D	termed WME (later renamed WMM) that has been defined by an
+	termed <acronym>WME</acronym> (later renamed <acronym>WMM</acronym>) that=
 has been defined by an
 	industry group as a subset of 802.11e that can be deployed now
 	to enable multi-media applications while waiting for the final
 	ratification of 802.11e.  The most important thing to know
=2D	about 802.11e and WME/WMM is that it enables prioritized
+	about 802.11e and <acronym>WME</acronym>/<acronym>WMM</acronym> is that i=
t enables prioritized
 	traffic use of a wireless network through Quality of Service
 	(QoS) protocols and enhanced media access protocols.  Proper
 	implementation of these protocols enable high speed bursting
 	of data and prioritized traffic flow.</para>
=20
       <para>Since the 6.0 version, &os; supports networks that operate
=2D	using 802.11a, 802.11b, and 802.11g.  The WPA and 802.11i
+	using 802.11a, 802.11b, and 802.11g.  The <acronym>WPA</acronym> and 802.=
11i
 	security protocols are likewise supported (in conjunction with
 	any of 11a, 11b, and 11g) and QoS and traffic prioritization
=2D	required by the WME/WMM protocols are supported for a limited
+	required by the <acronym>WME</acronym>/<acronym>WMM</acronym> protocols a=
re supported for a limited
 	set of wireless devices.</para>
     </sect2>
=20
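Review bot: QoS is left untagged in this hunk, both in "(QoS) protocols and enhanced media access protocols" and in "any of 11a, 11b, and 11g) and QoS and traffic prioritization", while VoIP, WME and WMM in the same two paragraphs are now wrapped. Either tag QoS on those lines too or say in the commit message which acronyms are deliberately skipped, so the next pass does not have to guess.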
@@ -901,7 +901,7 @@
     <sect2>
       <title>Infrastructure Mode</title>
=20
=2D      <para>The infrastructure mode or BSS mode is the mode that is
+      <para>The infrastructure mode or <acronym>BSS</acronym> mode is the =
mode that is
 	typically used.  In this mode, a number of wireless access
 	points are connected to a wired network.  Each wireless
 	network has its own name, this name is called the SSID of the
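Review bot: SSID on the last line of this hunk ("this name is called the SSID of the") stays untagged although BSS two lines above it is wrapped, and SSID is wrapped in the later rc.conf hunks. Suggest tagging it here as well, since this is the sentence that introduces the term.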
@@ -935,7 +935,7 @@
 	  <para>The output of a scan request lists each BSS/IBSS
 	    network found.  Beside the name of the network,
 	    <literal>SSID</literal>, we find the
=2D	    <literal>BSSID</literal> which is the MAC address of the
+	    <literal>BSSID</literal> which is the <acronym>MAC</acronym> address =
of the
 	    access point.  The <literal>CAPS</literal> field
 	    identifies the type of each network and the capabilities
 	    of the stations operating there:</para>
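Review bot: "BSS/IBSS" on the first line of this hunk ("lists each BSS/IBSS network found") is not tagged, while the same acronyms are tagged everywhere else in the patch and MAC is tagged three lines below. The SSID, BSSID and CAPS literals are field names from the scan output and are right to stay as <literal>.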
@@ -945,9 +945,9 @@
 	      <term><literal>E</literal></term>
=20
 	      <listitem>
=2D		<para>Extended Service Set (ESS).  Indicates that the
+		<para>Extended Service Set (<acronym>ESS</acronym>).  Indicates that the
 		  station is part of an infrastructure network (in
=2D		  contrast to an IBSS/ad-hoc network).</para>
+		  contrast to an <acronym>IBSS</acronym>/ad-hoc network).</para>
 	      </listitem>
 	    </varlistentry>
=20
@@ -955,8 +955,8 @@
 	      <term><literal>I</literal></term>
=20
 	      <listitem>
=2D		<para>IBSS/ad-hoc network.  Indicates that the station
=2D		  is part of an ad-hoc network (in contrast to an ESS
+		<para><acronym>IBSS</acronym>/ad-hoc network.  Indicates that the station
+		  is part of an ad-hoc network (in contrast to an <acronym>ESS</acronym>
 		  network).</para>
 	      </listitem>
 	    </varlistentry>
@@ -966,9 +966,9 @@
=20
 	      <listitem>
 		<para>Privacy.  Data confidentiality is required for
=2D		  all data frames exchanged within the BSS.  This means
=2D		  that this BSS requires the station to use
=2D		  cryptographic means such as WEP, TKIP or AES-CCMP to
+		  all data frames exchanged within the <acronym>BSS</acronym>.  This mea=
ns
+		  that this <acronym>BSS</acronym> requires the station to use
+		  cryptographic means such as <acronym>WEP</acronym>, <acronym>TKIP</acr=
onym> or <acronym>AES-CCMP</acronym> to
 		  encrypt/decrypt data frames being exchanged with
 		  others.</para>
 	      </listitem>
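Review bot: The added line tags <acronym>AES-CCMP</acronym>, but the Wireless Networking Basics hunk earlier in this patch tags <acronym>AES-CCM</acronym>. The difference comes from the existing text rather than from this patch, but once both are marked up as acronyms they read as two distinct terms; worth confirming whether both spellings are intended before committing.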
@@ -1037,7 +1037,7 @@
=20
 	    <para>If there are multiple access points and you want to
 	      select a specific one, you can select it by its
=2D	      SSID:</para>
+	      <acronym>SSID</acronym>:</para>
=20
 	    <programlisting>ifconfig_ath0=3D"ssid <replaceable>your_ssid_here</re=
placeable> DHCP"</programlisting>
=20
@@ -1045,8 +1045,8 @@
 	      points with the same SSID (often done to simplify
 	      roaming) it may be necessary to associate to one
 	      specific device.  In this case you can also specify the
=2D	      BSSID of the access point (you can also leave off the
=2D	      SSID):</para>
+	      <acronym>BSSID</acronym> of the access point (you can also leave of=
f the
+	      <acronym>SSID</acronym>):</para>
=20
 	    <programlisting>ifconfig_ath0=3D"ssid <replaceable>your_ssid_here</re=
placeable> bssid <replaceable>xx:xx:xx:xx:xx:xx</replaceable> DHCP"</progra=
mlisting>
=20
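Review bot: The first context line of this hunk, "points with the same SSID (often done to simplify", keeps a bare SSID while the BSSID and SSID a few lines further down are wrapped. Tag that occurrence too so the paragraph is consistent.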
@@ -1084,16 +1084,16 @@
 	      Other schemes require cryptographic handshakes be
 	      completed before data traffic can flow; either using
 	      pre-shared keys or secrets, or more complex schemes that
=2D	      involve backend services such as RADIUS.  Most users
+	      involve backend services such as <acronym>RADIUS</acronym>.  Most u=
sers
 	      will use open authentication which is the default
=2D	      setting.  Next most common setup is WPA-PSK, also known
=2D	      as WPA Personal, which is described <link
+	      setting.  Next most common setup is <acronym>WPA-PSK</acronym>, als=
o known
+	      as <acronym>WPA</acronym> Personal, which is described <link
 	      linkend=3D"network-wireless-wpa-wpa-psk">below</link>.</para>
=20
 	    <note>
 	      <para>If you have an &apple; &airport; Extreme base
 		station for an access point you may need to configure
=2D		shared-key authentication together with a WEP key.
+		shared-key authentication together with a <acronym>WEP</acronym> key.
 		This can be done in the
 		<filename>/etc/rc.conf</filename> file or using the
 		&man.wpa.supplicant.8; program.  If you have a single
@@ -1103,12 +1103,12 @@
 	      <programlisting>ifconfig_ath0=3D"authmode shared wepmode on weptxke=
y <replaceable>1</replaceable> wepkey <replaceable>01234567</replaceable> D=
HCP"</programlisting>
=20
 	      <para>In general shared key authentication is to be
=2D		avoided because it uses the WEP key material in a
+		avoided because it uses the <acronym>WEP</acronym> key material in a
 		highly-constrained manner making it even easier to
=2D		crack the key.  If WEP must be used (e.g., for
+		crack the key.  If <acronym>WEP</acronym> must be used (e.g., for
 		compatibility with legacy devices) it is better to use
=2D		WEP with <literal>open</literal> authentication.  More
=2D		information regarding WEP can be found in the <xref
+		<acronym>WEP</acronym> with <literal>open</literal> authentication.  More
+		information regarding <acronym>WEP</acronym> can be found in the <xref
 		linkend=3D"network-wireless-wep">.</para>
 	    </note>
 	  </sect5>
@@ -1119,7 +1119,7 @@
 	    <para>Once you have selected an access point and set the
 	      authentication parameters, you will have to get an IP
 	      address to communicate.  Most of time you will obtain
=2D	      your wireless IP address via DHCP.  To achieve that,
+	      your wireless IP address via <acronym>DHCP</acronym>.  To achieve t=
hat,
 	      simply edit <filename>/etc/rc.conf</filename> and add
 	      <literal>DHCP</literal> to the configuration for your
 	      device as shown in various examples above:</para>
@@ -1149,7 +1149,7 @@
 	      are connected to the wireless network (to the
 	      <literal>dlinkap</literal> network in our case).  The
 	      <literal>bssid 00:13:46:49:41:76</literal> part is the
=2D	      MAC address of your access point; the
+	      <acronym>MAC</acronym> address of your access point; the
 	      <literal>authmode</literal> line informs you that the
 	      communication is not encrypted
 	      (<literal>OPEN</literal>).</para>
@@ -1159,7 +1159,7 @@
 	    <title>Static IP Address</title>
=20
 	    <para>In the case you cannot obtain an IP address from a
=2D	      DHCP server, you can set a fixed IP address.  Replace
+	      <acronym>DHCP</acronym> server, you can set a fixed IP address.  Re=
place
 	      the <literal>DHCP</literal> keyword shown above with the
 	      address information.  Be sure to retain any other
 	      parameters you have set up for selecting an access
@@ -1172,34 +1172,34 @@
 	<sect4 id=3D"network-wireless-wpa">
 	  <title>WPA</title>
=20
=2D	  <para>WPA (Wi-Fi Protected Access) is a security protocol
+	  <para><acronym>WPA</acronym> (Wi-Fi Protected Access) is a security pro=
tocol
 	    used together with 802.11 networks to address the lack of
 	    proper authentication and the weakness of <link
=2D	    linkend=3D"network-wireless-wep">WEP</link>.  WPA leverages
+	    linkend=3D"network-wireless-wep">WEP</link>.  <acronym>WPA</acronym> =
leverages
 	    the 802.1X authentication protocol and uses one of several
=2D	    ciphers instead of WEP for data integrity.  The only
=2D	    cipher required by WPA is TKIP (Temporary Key Integrity
+	    ciphers instead of <acronym>WEP</acronym> for data integrity.  The on=
ly
+	    cipher required by <acronym>WPA</acronym> is <acronym>TKIP</acronym> =
(Temporary Key Integrity
 	    Protocol) which is a cipher that extends the basic RC4
=2D	    cipher used by WEP by adding integrity checking, tamper
+	    cipher used by <acronym>WEP</acronym> by adding integrity checking, t=
amper
 	    detection, and measures for responding to any detected
=2D	    intrusions.  TKIP is designed to work on legacy hardware
+	    intrusions.  <acronym>TKIP</acronym> is designed to work on legacy ha=
rdware
 	    with only software modification; it represents a
 	    compromise that improves security but is still not
=2D	    entirely immune to attack.  WPA also specifies the
=2D	    AES-CCMP cipher as an alternative to TKIP and that is
+	    entirely immune to attack.  <acronym>WPA</acronym> also specifies the
+	    <acronym>AES-CCMP</acronym> cipher as an alternative to <acronym>TKIP=
</acronym> and that is
 	    preferred when possible; for this specification the term
=2D	    WPA2 (or RSN) is commonly used.</para>
=2D
=2D	  <para>WPA defines authentication and encryption protocols.
+	    <acronym>WPA2</acronym> (or <acronym>RSN</acronym>) is commonly used.=
</para>
+
+	  <para><acronym>WPA</acronym> defines authentication and encryption prot=
ocols.
 	    Authentication is most commonly done using one of two
 	    techniques: by 802.1X and a backend authentication service
=2D	    such as RADIUS, or by a minimal handshake between the
+	    such as <acronym>RADIUS</acronym>, or by a minimal handshake between =
the
 	    station and the access point using a pre-shared secret.
=2D	    The former is commonly termed WPA Enterprise with the
=2D	    latter known as WPA Personal.  Since most people will not
=2D	    set up a RADIUS backend server for wireless network,
=2D	    WPA-PSK is by far the most commonly encountered
=2D	    configuration for WPA.</para>
+	    The former is commonly termed <acronym>WPA</acronym> Enterprise with =
the
+	    latter known as <acronym>WPA</acronym> Personal.  Since most people w=
ill not
+	    set up a <acronym>RADIUS</acronym> backend server for wireless networ=
k,
+	    <acronym>WPA-PSK</acronym> is by far the most commonly encountered
+	    configuration for <acronym>WPA</acronym>.</para>
=20
 	  <para>The control of the wireless connection and the
 	    authentication (key negotiation or authentication with a
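Review bot: The added line expanding TKIP still reads "(Temporary Key Integrity Protocol)"; the protocol's name is Temporal Key Integrity Protocol. Since the line is touched anyway, fix it in a follow-up content commit (kept separate from this markup-only change). Separately, the WEP inside <link linkend=3D"network-wireless-wep">WEP</link> is left untagged; fine if that is deliberate, but it is the only WEP in the paragraph without <acronym>.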
@@ -1212,11 +1212,11 @@
 	  <sect5 id=3D"network-wireless-wpa-wpa-psk">
 	    <title>WPA-PSK</title>
=20
=2D	    <para>WPA-PSK also known as WPA-Personal is based on a
=2D	      pre-shared key (PSK) generated from a given password and
+	    <para><acronym>WPA-PSK</acronym> also known as WPA-Personal is based =
on a
+	      pre-shared key (<acronym>PSK</acronym>) generated from a given pass=
word and
 	      that will be used as the master key in the wireless
 	      network.  This means every wireless user will share the
=2D	      same key.  WPA-PSK is intended for small networks where
+	      same key.  <acronym>WPA-PSK</acronym> is intended for small network=
s where
 	      the use of an authentication server is not possible or
 	      desired.</para>
=20
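Review bot: On the first added line, "WPA-Personal" is left bare right after <acronym>WPA-PSK</acronym>, whereas the EAP-TLS hunk below writes <acronym>WPA</acronym>-Personal and <acronym>WPA</acronym>-Enterprise. Pick one form and use it here too, for example "also known as <acronym>WPA</acronym>-Personal".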
@@ -1237,8 +1237,8 @@
=20
 	    <para>Then, in <filename>/etc/rc.conf</filename>, we
 	      indicate that the wireless device configuration will be
=2D	      done with WPA and the IP address will be obtained with
=2D	      DHCP:</para>
+	      done with <acronym>WPA</acronym> and the IP address will be obtaine=
d with
+	      <acronym>DHCP</acronym>:</para>
=20
 	    <programlisting>ifconfig_ath0=3D"WPA DHCP"</programlisting>
=20
@@ -1274,7 +1274,7 @@
=20
 	    <para>The next operation is the launch of the
 	      <command>dhclient</command> command to get the IP
=2D	      address from the DHCP server:</para>
+	      address from the <acronym>DHCP</acronym> server:</para>
=20
 	    <screen>&prompt.root; <userinput>dhclient <replaceable>ath0</replacea=
ble></userinput>
 DHCPREQUEST on ath0 to 255.255.255.255 port 67
@@ -1301,7 +1301,7 @@
 		keys.</para>
 	    </note>
=20
=2D	    <para>In the case where the use of DHCP is not possible,
+	    <para>In the case where the use of <acronym>DHCP</acronym> is not pos=
sible,
 	      you can set a static IP address after
 	      <command>wpa_supplicant</command> has authenticated the
 	      station:</para>
@@ -1318,7 +1318,7 @@
       authmode WPA privacy ON deftxkey UNDEF TKIP 2:128-bit txpowmax 36
       protmode CTS roaming MANUAL bintval 100</screen>
=20
=2D	    <para>When DHCP is not used, you also have to manually set
+	    <para>When <acronym>DHCP</acronym> is not used, you also have to manu=
ally set
 	      up the default gateway and the nameserver:</para>
=20
 	    <screen>&prompt.root; <userinput>route add default <replaceable>your_=
default_router</replaceable></userinput>
@@ -1328,29 +1328,29 @@
 	  <sect5 id=3D"network-wireless-wpa-eap-tls">
 	    <title>WPA with EAP-TLS</title>
=20
=2D	    <para>The second way to use WPA is with an 802.1X backend
=2D	      authentication server, in this case WPA is called
=2D	      WPA-Enterprise to make difference with the less secure
=2D	      WPA-Personal with its pre-shared key.  The
=2D	      authentication in WPA-Enterprise is based on EAP
+	    <para>The second way to use <acronym>WPA</acronym> is with an 802.1X =
backend
+	      authentication server, in this case <acronym>WPA</acronym> is called
+	      <acronym>WPA</acronym>-Enterprise to make difference with the less =
secure
+	      <acronym>WPA</acronym>-Personal with its pre-shared key.  The
+	      authentication in <acronym>WPA</acronym>-Enterprise is based on <ac=
ronym>EAP</acronym>
 	      (Extensible Authentication Protocol).</para>
=20
=2D	    <para>EAP does not come with an encryption method, it was
=2D	      decided to embed EAP inside an encrypted tunnel.  Many
=2D	      types of EAP authentication methods have been designed,
=2D	      the most common methods are EAP-TLS, EAP-TTLS and
=2D	      EAP-PEAP.</para>
=2D
=2D	    <para>EAP-TLS (EAP with Transport Layer Security) is a
+	    <para><acronym>EAP</acronym> does not come with an encryption method,=
 it was
+	      decided to embed <acronym>EAP</acronym> inside an encrypted tunnel.=
  Many
+	      types of <acronym>EAP</acronym> authentication methods have been de=
signed,
+	      the most common methods are <acronym>EAP-TLS</acronym>, <acronym>EA=
P-TTLS</acronym> and
+	      <acronym>EAP-PEAP</acronym>.</para>
+
+	    <para><acronym>EAP-TLS</acronym> (<acronym>EAP</acronym> with Transpo=
rt Layer Security) is a
 	      very well-supported authentication protocol in the
=2D	      wireless world since it was the first EAP method to be
+	      wireless world since it was the first <acronym>EAP</acronym> method=
 to be
 	      certified by the <ulink
 	      url=3D"http://www.wi-fi.org/">Wi-Fi alliance</ulink>.
=2D	      EAP-TLS will require three certificates to run: the CA
+	      <acronym>EAP-TLS</acronym> will require three certificates to run: =
the <acronym>CA</acronym>
 	      certificate (installed on all machines), the server
 	      certificate for your authentication server, and one
 	      client certificate for each wireless client.  In this
=2D	      EAP method, both authentication server and wireless
+	      <acronym>EAP</acronym> method, both authentication server and wirel=
ess
 	      client authenticate each other in presenting their
 	      respective certificates, and they verify that these
 	      certificates were signed by your organization's
@@ -1378,30 +1378,30 @@
 	      </callout>
=20
 	      <callout arearefs=3D"co-tls-proto">
=2D		<para>Here, we use RSN (IEEE 802.11i) protocol, i.e.,
+		<para>Here, we use <acronym>RSN</acronym> (<acronym>IEEE</acronym> 802.1=
1i) protocol, i.e.,
 		  WPA2.</para>
 	      </callout>
=20
 	      <callout arearefs=3D"co-tls-kmgmt">
 		<para>The <literal>key_mgmt</literal> line refers to
 		  the key management protocol we use.  In our case it
=2D		  is WPA using EAP authentication:
+		  is <acronym>WPA</acronym> using <acronym>EAP</acronym> authentication:
 		  <literal>WPA-EAP</literal>.</para>
 	      </callout>
=20
 	      <callout arearefs=3D"co-tls-eap">
=2D		<para>In this field, we mention the EAP method for our
+		<para>In this field, we mention the <acronym>EAP</acronym> method for our
 		  connection.</para>
 	      </callout>
=20
 	      <callout arearefs=3D"co-tls-id">
 		<para>The <literal>identity</literal> field contains
=2D		  the identity string for EAP.</para>
+		  the identity string for <acronym>EAP</acronym>.</para>
 	      </callout>
=20
 	      <callout arearefs=3D"co-tls-cacert">
 		<para>The <literal>ca_cert</literal> field indicates
=2D		  the pathname of the CA certificate file.  This file
+		  the pathname of the <acronym>CA</acronym> certificate file.  This file
 		  is needed to verify the server certificat.</para>
 	      </callout>
=20
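Review bot: In the co-tls-proto callout, WPA2 on the unchanged line after the RSN line is not tagged, although the WPA section hunk above tags <acronym>WPA2</acronym>. The line needs to be pulled into the change. The <literal>WPA-EAP</literal> value is a configuration keyword and is right to stay as it is.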
@@ -1457,13 +1457,13 @@
 	  <sect5 id=3D"network-wireless-wpa-eap-ttls">
 	    <title>WPA with EAP-TTLS</title>
=20
=2D	    <para>With EAP-TLS both the authentication server and the
=2D	      client need a certificate, with EAP-TTLS (EAP-Tunneled
+	    <para>With <acronym>EAP-TLS</acronym> both the authentication server =
and the
+	      client need a certificate, with <acronym>EAP-TTLS</acronym> (<acron=
ym>EAP</acronym>-Tunneled
 	      Transport Layer Security) a client certificate is
 	      optional.  This method is close to what some secure web
=2D	      sites do , where the web server can create a secure SSL
+	      sites do, where the web server can create a secure <acronym>SSL</ac=
ronym>
 	      tunnel even if the visitors do not have client-side
=2D	      certificates.  EAP-TTLS will use the encrypted TLS
+	      certificates.  <acronym>EAP-TTLS</acronym> will use the encrypted <=
acronym>TLS</acronym>
 	      tunnel for safe transport of the authentication
 	      data.</para>
=20
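Review bot: The line "sites do, where the web server can create a secure" also removes the stray space before the comma that the old line had ("sites do ,"), which is a text change in a patch described as adding markup only. It is a good fix, but mention it in the commit message or commit it separately so translators comparing revisions know this hunk is not purely markup.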
@@ -1484,31 +1484,31 @@
=20
 	    <calloutlist>
 	      <callout arearefs=3D"co-ttls-eap">
=2D		<para>In this field, we mention the EAP method for our
+		<para>In this field, we mention the <acronym>EAP</acronym> method for our
 		  connection.</para>
 	      </callout>
=20
 	      <callout arearefs=3D"co-ttls-id">
 		<para>The <literal>identity</literal> field contains
=2D		  the identity string for EAP authentication inside
=2D		  the encrypted TLS tunnel.</para>
+		  the identity string for <acronym>EAP</acronym> authentication inside
+		  the encrypted <acronym>TLS</acronym> tunnel.</para>
 	      </callout>
=20
 	      <callout arearefs=3D"co-ttls-passwd">
 		<para>The <literal>password</literal> field contains
=2D		  the passphrase for the EAP authentication.</para>
+		  the passphrase for the <acronym>EAP</acronym> authentication.</para>
 	      </callout>
=20
 	      <callout arearefs=3D"co-ttls-cacert">
 		<para>The <literal>ca_cert</literal> field indicates
=2D		  the pathname of the CA certificate file.  This file
+		  the pathname of the <acronym>CA</acronym> certificate file.  This file
 		  is needed to verify the server certificat.</para>
 	      </callout>
=20
 	      <callout arearefs=3D"co-ttls-pha2">
 		<para>In this field, we mention the authentication
=2D		  method used in the encrypted TLS tunnel.  In our
=2D		  case, EAP with MD5-Challenge has been used.  The
+		  method used in the encrypted <acronym>TLS</acronym> tunnel.  In our
+		  case, <acronym>EAP</acronym> with <acronym>MD5</acronym>-Challenge has=
 been used.  The
 		  <quote>inner authentication</quote> phase is often
 		  called <quote>phase2</quote>.</para>
 	      </callout>
@@ -1542,29 +1542,29 @@
 	  <sect5 id=3D"network-wireless-wpa-eap-peap">
 	    <title>WPA with EAP-PEAP</title>
=20
=2D	    <para>PEAP (Protected EAP) has been designed as an
=2D	      alternative to EAP-TTLS.  There are two types of PEAP
=2D	      methods, the most common one is PEAPv0/EAP-MSCHAPv2.  In
=2D	      the rest of this document, we will use the PEAP term to
=2D	      refer to that EAP method.  PEAP is the most used EAP
=2D	      standard after EAP-TLS, in other words if you have a
=2D	      network with mixed OSes, PEAP should be the most
=2D	      supported standard after EAP-TLS.</para>
=2D
=2D	    <para>PEAP is similar to EAP-TTLS: it uses a server-side
+	    <para><acronym>PEAP</acronym> (Protected <acronym>EAP)</acronym> has =
been designed as an
+	      alternative to <acronym>EAP-TTLS</acronym>.  There are two types of=
 <acronym>PEAP</acronym>
+	      methods, the most common one is <acronym>PEAPv0</acronym>/<acronym>=
EAP-MSCHAPv2</acronym>.  In
+	      the rest of this document, we will use the <acronym>PEAP</acronym> =
term to
+	      refer to that <acronym>EAP</acronym> method.  <acronym>PEAP</acrony=
m> is the most used <acronym>EAP</acronym>
+	      standard after <acronym>EAP-TLS</acronym>, in other words if you ha=
ve a
+	      network with mixed OSes, <acronym>PEAP</acronym> should be the most
+	      supported standard after <acronym>EAP-TLS</acronym>.</para>
+
+	    <para><acronym>PEAP</acronym> is similar to <acronym>EAP-TTLS</acrony=
m>: it uses a server-side
 	      certificate to authenticate clients by creating an
=2D	      encrypted TLS tunnel between the client and the
+	      encrypted <acronym>TLS</acronym> tunnel between the client and the
 	      authentication server, which protects the ensuing
 	      exchange of authentication information.  In term of
=2D	      security the difference between EAP-TTLS and PEAP is
=2D	      that PEAP authentication broadcasts the username in
=2D	      clear, only the password is sent in the encrypted TLS
=2D	      tunnel.  EAP-TTLS will use the TLS tunnel for both
+	      security the difference between <acronym>EAP-TTLS</acronym> and <ac=
ronym>PEAP</acronym> is
+	      that <acronym>PEAP</acronym> authentication broadcasts the username=
 in
+	      clear, only the password is sent in the encrypted <acronym>TLS</acr=
onym>
+	      tunnel.  <acronym>EAP-TTLS</acronym> will use the <acronym>TLS</acr=
onym> tunnel for both
 	      username and password.</para>
=20
 	    <para>We have to edit the
 	      <filename>/etc/wpa_supplicant.conf</filename> file and
=2D	      add the EAP-PEAP related settings:</para>
+	      add the <acronym>EAP-PEAP</acronym> related settings:</para>
=20
 	    <programlisting>network=3D{
   ssid=3D"freebsdap"
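Review bot: The closing parenthesis ended up inside the element on the first added line: "(Protected <acronym>EAP)</acronym>" should be "(Protected <acronym>EAP</acronym>)". Also consider whether the version-qualified names on the third added line, <acronym>PEAPv0</acronym> and <acronym>EAP-MSCHAPv2</acronym>, should be tagged whole or only on the acronym part, to match how <acronym>WPA</acronym>-Enterprise is handled earlier.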
@@ -1580,30 +1580,30 @@
=20
 	    <calloutlist>
 	      <callout arearefs=3D"co-peap-eap">
=2D		<para>In this field, we mention the EAP method for our
+		<para>In this field, we mention the <acronym>EAP</acronym> method for our
 		  connection.</para>
 	      </callout>
=20
 	      <callout arearefs=3D"co-peap-id">
 		<para>The <literal>identity</literal> field contains
=2D		  the identity string for EAP authentication inside
=2D		  the encrypted TLS tunnel.</para>
+		  the identity string for <acronym>EAP</acronym> authentication inside
+		  the encrypted <acronym>TLS</acronym> tunnel.</para>
 	      </callout>
=20
 	      <callout arearefs=3D"co-peap-passwd">
 		<para>The <literal>password</literal> field contains
=2D		  the passphrase for the EAP authentication.</para>
+		  the passphrase for the <acronym>EAP</acronym> authentication.</para>
 	      </callout>
=20
 	      <callout arearefs=3D"co-peap-cacert">
 		<para>The <literal>ca_cert</literal> field indicates
=2D		  the pathname of the CA certificate file.  This file
+		  the pathname of the <acronym>CA</acronym> certificate file.  This file
 		  is needed to verify the server certificat.</para>
 	      </callout>
=20
 	      <callout arearefs=3D"co-peap-pha1">
 		<para>This field contains the parameters for the
=2D		  first phase of the authentication (the TLS
+		  first phase of the authentication (the <acronym>TLS</acronym>
 		  tunnel).  According to the authentication server
 		  used, you will have to specify a specific label
 		  for the authentication.  Most of time, the label
@@ -1615,8 +1615,8 @@
=20
 	      <callout arearefs=3D"co-peap-pha2">
 		<para>In this field, we mention the authentication
=2D		  protocol used in the encrypted TLS tunnel.  In the
=2D		  case of PEAP, it is
+		  protocol used in the encrypted <acronym>TLS</acronym> tunnel.  In the
+		  case of <acronym>PEAP</acronym>, it is
 		  <literal>auth=3DMSCHAPV2</literal>.</para>
 	      </callout>
 	    </calloutlist>
@@ -1650,7 +1650,7 @@
 	<sect4 id=3D"network-wireless-wep">
 	  <title>WEP</title>
=20
=2D	  <para>WEP (Wired Equivalent Privacy) is part of the original
+	  <para><acronym>WEP</acronym> (Wired Equivalent Privacy) is part of the =
original
 	    802.11 standard.  There is no authentication mechanism,
 	    only a weak form of access control, and it is easily to be
 	    cracked.</para>
@@ -1663,7 +1663,7 @@
=20
 	  <itemizedlist>
 	    <listitem>
=2D	      <para>The <literal>weptxkey</literal> means which WEP
+	      <para>The <literal>weptxkey</literal> means which <acronym>WEP</acr=
onym>
 		key will be used in the transmission.  Here we used the
 		third key.  This must match the setting in the access
 		point.  If you do not have any idea of what is the key
@@ -1674,7 +1674,7 @@
=20
 	    <listitem>
 	      <para>The <literal>wepkey</literal> means setting the
=2D		selected WEP key.  It should in the format
+		selected <acronym>WEP</acronym> key.  It should in the format
 		<replaceable>index:key</replaceable>, if the index is
 		not given, key <literal>1</literal> is set.  That is
 		to say we need to set the index if we use keys other
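Review bot: The rewritten line in the wepkey item carries over the missing verb: "selected <acronym>WEP</acronym> key.  It should in the format". As the line is replaced anyway, make it "It should be in the format". The identical sentence is rewritten again in the later hunk at @@ -2029,7 (WEP Host-based Access Point) and needs the same fix.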
@@ -1692,7 +1692,7 @@
 	    page for further information.</para>
=20
 	  <para>The <command>wpa_supplicant</command> facility also
=2D	    can be used to configure your wireless interface with WEP.
+	    can be used to configure your wireless interface with <acronym>WEP</a=
cronym>.
 	    The example above can be set up by adding the following
 	    lines to
 	    <filename>/etc/wpa_supplicant.conf</filename>:</para>
@@ -1716,11 +1716,11 @@
     <sect2>
       <title>Ad-hoc Mode</title>
=20
=2D      <para>IBSS mode, also called ad-hoc mode, is designed for point
+      <para><acronym>IBSS</acronym> mode, also called ad-hoc mode, is desi=
gned for point
 	to point connections.  For example, to establish an ad-hoc
 	network between the machine <hostid>A</hostid> and the machine
 	<hostid>B</hostid> we will just need to choose two IP adresses
=2D	and a SSID.</para>
+	and a <acronym>SSID</acronym>.</para>
=20
       <para>On the box <hostid>A</hostid>:</para>
=20
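Review bot: Tagging is inconsistent inside this one paragraph: IBSS and SSID get <acronym>, but "IP" in the unchanged line "we will just need to choose two IP adresses" does not. Either tag IP as well or state that IP is deliberately left plain throughout the chapter. That same line also has "adresses" for "addresses", which could be fixed while the paragraph is open.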
@@ -1736,7 +1736,7 @@
 	  authmode OPEN privacy OFF txpowmax 36 protmode CTS bintval 100</screen>
=20
       <para>The <literal>adhoc</literal> parameter indicates the
=2D	interface is running in the IBSS mode.</para>
+	interface is running in the <acronym>IBSS</acronym> mode.</para>
=20
       <para>On <hostid>B</hostid>, we should be able to detect
 	<hostid>A</hostid>:</para>
@@ -1769,14 +1769,14 @@
       <title>&os; Host Access Points</title>
=20
       <para>&os; can act as an Access Point (AP) which eliminates the
=2D	need to buy a hardware AP or run an ad-hoc network.  This can be
+	need to buy a hardware <acronym>AP</acronym> or run an ad-hoc network.  T=
his can be
 	particularly useful when your &os; machine is acting as a
 	gateway to another network (e.g., the Internet).</para>
=20
       <sect3 id=3D"network-wireless-ap-basic">
 	<title>Basic Settings</title>
=20
=2D	<para>Before configuring your &os; machine as an AP, the
+	<para>Before configuring your &os; machine as an <acronym>AP</acronym>, t=
he
 	  kernel must be configured with the appropriate wireless
 	  networking support for your wireless card.  You also have to
 	  add the support for the security protocols you intend to
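Review bot: The first occurrence in this section, "Access Point (AP)" on the unchanged line above the first changed line, is left untagged, while the AP on the very next line is wrapped. The defining occurrence is the one most worth marking up, so it should read "Access Point (<acronym>AP</acronym>)".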
@@ -1785,8 +1785,8 @@
=20
 	<note>
 	  <para>The use of the NDIS driver wrapper and the &windows;
=2D	    drivers do not allow currently the AP operation.  Only
=2D	    native &os; wireless drivers support AP mode.</para>
+	    drivers do not allow currently the <acronym>AP</acronym> operation.  =
Only
+	    native &os; wireless drivers support <acronym>AP</acronym> mode.</par=
a>
 	</note>
=20
 	<para>Once the wireless networking support is loaded, you can
@@ -1799,12 +1799,12 @@
 	<para>This output displays the card capabilities; the
 	  <literal>HOSTAP</literal> word confirms this wireless card
 	  can act as an Access Point.  Various supported ciphers are
=2D	  also mentioned: WEP, TKIP, WPA2, etc., these informations
+	  also mentioned: <acronym>WEP</acronym>, <acronym>TKIP</acronym>, <acron=
ym>WPA2</acronym>, etc., these informations
 	  are important to know what security protocols could be set
 	  on the Access Point.</para>
=20
 	<para>The wireless device can now be put into hostap mode and
=2D	  configured with the correct SSID and IP address:</para>
+	  configured with the correct <acronym>SSID</acronym> and IP address:</pa=
ra>
=20
 	<screen>&prompt.root; <userinput>ifconfig <replaceable>ath0</replaceable>=
 ssid <replaceable>freebsdap</replaceable> mode 11g mediaopt hostap</userin=
put> inet <replaceable>192.168.0.1</replaceable> netmask <replaceable>255.2=
55.255.0</replaceable></screen>
=20
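Review bot: The new cipher-list line keeps the comma splice and the plural "etc., these informations" from the old text. Because the line is rewritten and will need re-wrapping anyway, consider ending the sentence after "etc." and continuing with "This information is important to know...", either in this patch or in the follow-up wrap commit.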
@@ -1836,12 +1836,12 @@
 	<title>Host-based Access Point without Authentication or
 	  Encryption</title>
=20
=2D	<para>Although it is not recommended to run an AP without any
+	<para>Although it is not recommended to run an <acronym>AP</acronym> with=
out any
 	  authentication or encryption, this is a simple way to check
=2D	  if your AP is working.  This configuration is also important
+	  if your <acronym>AP</acronym> is working.  This configuration is also i=
mportant
 	  for debugging client issues.</para>
=20
=2D	<para>Once the AP configured as previously shown, it is
+	<para>Once the <acronym>AP</acronym> configured as previously shown, it is
 	  possible from another wireless machine to initiate a scan to
 	  find the AP:</para>
=20
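Review bot: One occurrence is missed in this hunk: the unchanged line "find the AP:</para>" keeps a bare AP, while the three occurrences above it are tagged. Add <acronym> there too. The changed line "Once the <acronym>AP</acronym> configured as previously shown" is also missing "is" before "configured".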
@@ -1868,17 +1868,17 @@
 	<title>WPA Host-based Access Point</title>
=20
 	<para>This section will focus on setting up &os; Access Point
=2D	  using the WPA security protocol.  More details regarding WPA
=2D	  and the configuration of WPA-based wireless clients can be
+	  using the <acronym>WPA</acronym> security protocol.  More details regar=
ding <acronym>WPA</acronym>
+	  and the configuration of <acronym>WPA</acronym>-based wireless clients =
can be
 	  found in the <xref linkend=3D"network-wireless-wpa">.</para>
=20
 	<para>The <application>hostapd</application> daemon is used to
 	  deal with client authentication and keys management on the
=2D	  WPA enabled Access Point.</para>
+	  <acronym>WPA</acronym> enabled Access Point.</para>
=20
 	<para>In the following, all the configuration operations will
=2D	  be performed on the &os; machine acting as AP.  Once the
=2D	  AP is correctly working, <application>hostapd</application>
+	  be performed on the &os; machine acting as <acronym>AP</acronym>.  Once=
 the
+	  <acronym>AP</acronym> is correctly working, <application>hostapd</appli=
cation>
 	  should be automatically enabled at boot with the following
 	  line in <filename>/etc/rc.conf</filename>:</para>
=20
@@ -1892,7 +1892,7 @@
 	<sect4>
 	  <title>WPA-PSK</title>
=20
=2D	  <para>WPA-PSK is intended for small networks where the use
+	  <para><acronym>WPA-PSK</acronym> is intended for small networks where t=
he use
 	    of an backend authentication server is not possible or
 	    desired.</para>
=20
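Review bot: <acronym>WPA-PSK</acronym> wraps the compound as a single acronym here (and again in the wpa_key_mgmt callout), whereas everywhere else in the patch WPA is tagged on its own. Pick one convention, for example <acronym>WPA</acronym>-<acronym>PSK</acronym>, and apply it to every WPA-PSK occurrence so the rendered output is uniform.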
@@ -1944,14 +1944,14 @@
=20
 	    <callout arearefs=3D"co-ap-wpapsk-wpa">
 	      <para>The <literal>wpa</literal> field enables WPA and
=2D		specifies which WPA authentication protocol will be
+		specifies which <acronym>WPA</acronym> authentication protocol will be
 		required.  A value of <literal>1</literal> configures the
 		AP for WPA-PSK.</para>
 	    </callout>
=20
 	    <callout arearefs=3D"co-ap-wpapsk-pass">
 	      <para>The <literal>wpa_passphrase</literal> field
=2D		contains the ASCII passphrase for the WPA
+		contains the <acronym>ASCII</acronym> passphrase for the <acronym>WPA</a=
cronym>
 		authentication.</para>
=20
 	      <warning>
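Review bot: In the wpa callout only the middle occurrence is tagged. The unchanged lines "field enables WPA and" and "AP for WPA-PSK.</para>" still carry bare WPA, AP and WPA-PSK in the same paragraph as the newly tagged <acronym>WPA</acronym>. Tag those as well so a single callout does not mix both styles.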
@@ -1964,17 +1964,17 @@
 	    <callout arearefs=3D"co-ap-wpapsk-kmgmt">
 	      <para>The <literal>wpa_key_mgmt</literal> line refers to
 		the key management protocol we use.  In our case it is
=2D		WPA-PSK.</para>
+		<acronym>WPA-PSK</acronym>.</para>
 	    </callout>
=20
 	    <callout arearefs=3D"co-ap-wpapsk-pwise">
 	      <para>The <literal>wpa_pairwise</literal> field
 		indicates the set of accepted encryption algorithms by
=2D		the Access Point.  Here both TKIP (WPA) and CCMP
=2D		(WPA2) ciphers are accepted.  CCMP cipher is an
=2D		alternative to TKIP and that is strongly preferred
=2D		when possible; TKIP should be used solely for stations
=2D		incapable of doing CCMP.</para>
+		the Access Point.  Here both <acronym>TKIP</acronym> (<acronym>WPA</acro=
nym>) and <acronym>CCMP</acronym>
+		(<acronym>WPA2</acronym>) ciphers are accepted.  <acronym>CCMP</acronym>=
 cipher is an
+		alternative to <acronym>TKIP</acronym> and that is strongly preferred
+		when possible; <acronym>TKIP</acronym> should be used solely for stations
+		incapable of doing <acronym>CCMP</acronym>.</para>
 	    </callout>
 	  </calloutlist>
=20
@@ -1996,7 +1996,7 @@
 	<para>The Access Point is running, the clients can now be
 	  associated with it, see <xref
 	  linkend=3D"network-wireless-wpa"> for more details.  It is
=2D	  possible to see the stations associated with the AP using
+	  possible to see the stations associated with the <acronym>AP</acronym> =
using
 	  the <command>ifconfig <replaceable>ath0</replaceable> list
 	  sta</command> command.</para>
 	</sect4>
@@ -2005,22 +2005,22 @@
       <sect3>
 	<title>WEP Host-based Access Point</title>
=20
=2D	<para>It is not recommended to use WEP for setting up an
+	<para>It is not recommended to use <acronym>WEP</acronym> for setting up =
an
 	  Access Point since there is no authentication mechanism and
 	  it is easily to be cracked.  Some legacy wireless cards only
=2D	  support WEP as security protocol, these cards will only
=2D	  allow to set up AP without authentication or encryption or
=2D	  using the WEP protocol.</para>
+	  support <acronym>WEP</acronym> as security protocol, these cards will o=
nly
+	  allow to set up <acronym>AP</acronym> without authentication or encrypt=
ion or
+	  using the <acronym>WEP</acronym> protocol.</para>
=20
 	<para>The wireless device can now be put into hostap mode and
=2D	  configured with the correct SSID and IP address:</para>
+	  configured with the correct <acronym>SSID</acronym> and IP address:</pa=
ra>
=20
 	<screen>&prompt.root; <userinput>ifconfig <replaceable>ath0</replaceable>=
 ssid <replaceable>freebsdap</replaceable> wepmode on weptxkey 3 wepkey 3:0=
x3456789012 mode 11g mediaopt hostap \
 	inet <replaceable>192.168.0.1</replaceable> netmask <replaceable>255.255.=
255.0</replaceable></userinput></screen>
=20
 	<itemizedlist>
 	  <listitem>
=2D	    <para>The <literal>weptxkey</literal> means which WEP
+	    <para>The <literal>weptxkey</literal> means which <acronym>WEP</acron=
ym>
 	      key will be used in the transmission.  Here we used the
 	      third key (note that the key numbering starts with
 	      <literal>1</literal>).  This parameter must be specified
@@ -2029,7 +2029,7 @@
=20
 	  <listitem>
 	    <para>The <literal>wepkey</literal> means setting the
=2D	      selected WEP key.  It should in the format
+	      selected <acronym>WEP</acronym> key.  It should in the format
 	      <replaceable>index:key</replaceable>, if the index is
 	      not given, key <literal>1</literal> is set.  That is
 	      to say we need to set the index if we use keys other
@@ -2084,7 +2084,7 @@
 	    access point.  This includes the authentication scheme and
 	    any security protocols.  Simplify your configuration as
 	    much as possible.  If you are using a security protocol
=2D	    such as WPA or WEP configure the access point for open
+	    such as <acronym>WPA</acronym> or <acronym>WEP</acronym> configure th=
e access point for open
 	    authentication and no security to see if you can get
 	    traffic to pass.</para>
 	</listitem>
@@ -3245,7 +3245,7 @@
 	<varlistentry><term>lacp</term>
=20
 	<listitem>
=2D	<para>Supports the IEEE 802.3ad Link Aggregation Control Protocol
+	<para>Supports the <acronym>IEEE</acronym> 802.3ad Link Aggregation Contr=
ol Protocol
 	  (LACP) and the Marker Protocol. LACP will negotiate a set of
 	  aggregable links with the peer in to one or more Link Aggregated
 	  Groups. Each LAG is composed of ports of the same speed, set to
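Review bot: This last hunk is in the lacp varlistentry of the link aggregation text, not in the wireless section the subject line names, and it tags only IEEE while "(LACP)", "LACP will negotiate" and "Each LAG" in the unchanged lines stay bare. Either drop the hunk from this wlan-scoped patch and handle that section separately, or tag LACP and LAG here too.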
%%%
