Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 10 Dec 2008 13:10:31 -0800
From:      "Murray Stokely" <murray@stokely.org>
To:        "Giorgos Keramidas" <keramida@freebsd.org>
Cc:        freebsd-doc@freebsd.org
Subject:   Re: [PATCH] Adding <acronym> elements to wlan Handbook section
Message-ID:  <2a7894eb0812101310v2123a452q26b0e07630e7f209@mail.gmail.com>
In-Reply-To: <871vwfn418.fsf@kobe.laptop>
References:  <871vwfn418.fsf@kobe.laptop>

next in thread | previous in thread | raw e-mail | index | archive | help
Is the stylesheet now smart enough to only markup the first occurrence
differently?  I seem to recall these could get distracting if all
instances of an acronym are replaced (either with hyperlinks to
definition, or bold, or however we are currently rendering them).

                  - Murray

On Wed, Dec 10, 2008 at 12:55 PM, Giorgos Keramidas
<keramida@freebsd.org> wrote:
> The wireless networking section is one of those I've been translating
> lately, and I noticed that it includes *many* acronyms (AP, BSS, SSID,
> IBSS, WPA, WEP, PSK, TKIP, and so on).  The acronyms are practically
> everywhere, so adding <acronym> tags to them directly into CVS may not
> be a very gentle thing to do.
>
> So here it is, in diff format for your pleasure.  Does anyone have
> objections to the patch attached below?
>
> [NOTE: I haven't wrapped any lines, to keep the patch more readable, but
> I know already that some of the touched lines may need a bit of wrap &
> filling after the patch goes in.]
>
> %%%
> diff -r 749797edbbed en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml
> --- a/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml   Wed Dec 10 22:03:19 2008 +0200
> +++ b/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml   Wed Dec 10 22:50:29 2008 +0200
> @@ -21,7 +21,7 @@
>       </listitem>
>
>       <listitem>
> -       <para>How to set up IEEE 802.11 and &bluetooth; devices.</para>
> +       <para>How to set up <acronym>IEEE</acronym> 802.11 and &bluetooth; devices.</para>
>       </listitem>
>
>       <listitem>
> @@ -700,7 +700,7 @@
>     <sect2>
>       <title>Wireless Networking Basics</title>
>
> -      <para>Most wireless networks are based on the IEEE 802.11
> +      <para>Most wireless networks are based on the <acronym>IEEE</acronym> 802.11
>        standards.  A basic wireless network consists of multiple
>        stations communicating with radios that broadcast in either
>        the 2.4GHz or 5GHz band (though this varies according to the
> @@ -710,19 +710,19 @@
>       <para>802.11 networks are organized in two ways: in
>        <emphasis>infrastructure mode</emphasis> one station acts as a
>        master with all the other stations associating to it; the
> -       network is known as a BSS and the master station is termed an
> -       access point (AP).  In a BSS all communication passes through
> -       the AP; even when one station wants to communicate with
> -       another wireless station messages must go through the AP.  In
> +       network is known as a <acronym>BSS</acronym> and the master station is termed an
> +       access point (<acronym>AP</acronym>).  In a <acronym>BSS</acronym> all communication passes through
> +       the <acronym>AP</acronym>; even when one station wants to communicate with
> +       another wireless station messages must go through the <acronym>AP</acronym>.  In
>        the second form of network there is no master and stations
> -       communicate directly.  This form of network is termed an IBSS
> +       communicate directly.  This form of network is termed an <acronym>IBSS</acronym>
>        and is commonly known as an <emphasis>ad-hoc
>        network</emphasis>.</para>
>
>       <para>802.11 networks were first deployed in the 2.4GHz band
> -       using protocols defined by the IEEE 802.11 and 802.11b
> +       using protocols defined by the <acronym>IEEE</acronym> 802.11 and 802.11b
>        standard.  These specifications include the operating
> -       frequencies, MAC layer characteristics including framing and
> +       frequencies, <acronym>MAC</acronym> layer characteristics including framing and
>        transmission rates (communication can be done at various
>        rates).  Later the 802.11a standard defined operation in the
>        5GHz band, including different signalling mechanisms and
> @@ -734,51 +734,51 @@
>       <para>Separate from the underlying transmission techniques
>        802.11 networks have a variety of security mechanisms.  The
>        original 802.11 specifications defined a simple security
> -       protocol called WEP. This protocol uses a fixed pre-shared key
> +       protocol called <acronym>WEP</acronym>. This protocol uses a fixed pre-shared key
>        and the RC4 cryptographic cipher to encode data transmitted on
>        a network.  Stations must all agree on the fixed key in order
>        to communicate.  This scheme was shown to be easily broken and
>        is now rarely used except to discourage transient users from
>        joining networks.  Current security practice is given by the
> -       IEEE 802.11i specification that defines new cryptographic
> +       <acronym>IEEE</acronym> 802.11i specification that defines new cryptographic
>        ciphers and an additional protocol to authenticate stations to
>        an access point and exchange keys for doing data
>        communication.  Further, cryptographic keys are periodically
>        refreshed and there are mechanisms for detecting intrusion
>        attempts (and for countering intrusion attempts).  Another
>        security protocol specification commonly used in wireless
> -       networks is termed WPA.  This was a precursor to 802.11i
> +       networks is termed <acronym>WPA</acronym>.  This was a precursor to 802.11i
>        defined by an industry group as an interim measure while
> -       waiting for 802.11i to be ratified.  WPA specifies a subset of
> +       waiting for 802.11i to be ratified.  <acronym>WPA</acronym> specifies a subset of
>        the requirements found in 802.11i and is designed for
> -       implementation on legacy hardware.  Specifically WPA requires
> -       only the TKIP cipher that is derived from the original WEP
> -       cipher.  802.11i permits use of TKIP but also requires support
> -       for a stronger cipher, AES-CCM, for encrypting data.  (The AES
> -       cipher was not required in WPA because it was deemed too
> +       implementation on legacy hardware.  Specifically <acronym>WPA</acronym> requires
> +       only the <acronym>TKIP</acronym> cipher that is derived from the original <acronym>WEP</acronym>
> +       cipher.  802.11i permits use of <acronym>TKIP</acronym> but also requires support
> +       for a stronger cipher, <acronym>AES-CCM</acronym>, for encrypting data.  (The <acronym>AES</acronym>
> +       cipher was not required in <acronym>WPA</acronym> because it was deemed too
>        computationally costly to be implemented on legacy
>        hardware.)</para>
>
>       <para>Other than the above protocol standards the other
>        important standard to be aware of is 802.11e.  This defines
>        protocols for deploying multi-media applications such as
> -       streaming video and voice over IP (VoIP) in an 802.11 network.
> +       streaming video and voice over IP (<acronym>VoIP</acronym>) in an 802.11 network.
>        Like 802.11i, 802.11e also has a precursor specification
> -       termed WME (later renamed WMM) that has been defined by an
> +       termed <acronym>WME</acronym> (later renamed <acronym>WMM</acronym>) that has been defined by an
>        industry group as a subset of 802.11e that can be deployed now
>        to enable multi-media applications while waiting for the final
>        ratification of 802.11e.  The most important thing to know
> -       about 802.11e and WME/WMM is that it enables prioritized
> +       about 802.11e and <acronym>WME</acronym>/<acronym>WMM</acronym> is that it enables prioritized
>        traffic use of a wireless network through Quality of Service
>        (QoS) protocols and enhanced media access protocols.  Proper
>        implementation of these protocols enable high speed bursting
>        of data and prioritized traffic flow.</para>
>
>       <para>Since the 6.0 version, &os; supports networks that operate
> -       using 802.11a, 802.11b, and 802.11g.  The WPA and 802.11i
> +       using 802.11a, 802.11b, and 802.11g.  The <acronym>WPA</acronym> and 802.11i
>        security protocols are likewise supported (in conjunction with
>        any of 11a, 11b, and 11g) and QoS and traffic prioritization
> -       required by the WME/WMM protocols are supported for a limited
> +       required by the <acronym>WME</acronym>/<acronym>WMM</acronym> protocols are supported for a limited
>        set of wireless devices.</para>
>     </sect2>
>
> @@ -901,7 +901,7 @@
>     <sect2>
>       <title>Infrastructure Mode</title>
>
> -      <para>The infrastructure mode or BSS mode is the mode that is
> +      <para>The infrastructure mode or <acronym>BSS</acronym> mode is the mode that is
>        typically used.  In this mode, a number of wireless access
>        points are connected to a wired network.  Each wireless
>        network has its own name, this name is called the SSID of the
> @@ -935,7 +935,7 @@
>          <para>The output of a scan request lists each BSS/IBSS
>            network found.  Beside the name of the network,
>            <literal>SSID</literal>, we find the
> -           <literal>BSSID</literal> which is the MAC address of the
> +           <literal>BSSID</literal> which is the <acronym>MAC</acronym> address of the
>            access point.  The <literal>CAPS</literal> field
>            identifies the type of each network and the capabilities
>            of the stations operating there:</para>
> @@ -945,9 +945,9 @@
>              <term><literal>E</literal></term>
>
>              <listitem>
> -               <para>Extended Service Set (ESS).  Indicates that the
> +               <para>Extended Service Set (<acronym>ESS</acronym>).  Indicates that the
>                  station is part of an infrastructure network (in
> -                 contrast to an IBSS/ad-hoc network).</para>
> +                 contrast to an <acronym>IBSS</acronym>/ad-hoc network).</para>
>              </listitem>
>            </varlistentry>
>
> @@ -955,8 +955,8 @@
>              <term><literal>I</literal></term>
>
>              <listitem>
> -               <para>IBSS/ad-hoc network.  Indicates that the station
> -                 is part of an ad-hoc network (in contrast to an ESS
> +               <para><acronym>IBSS</acronym>/ad-hoc network.  Indicates that the station
> +                 is part of an ad-hoc network (in contrast to an <acronym>ESS</acronym>
>                  network).</para>
>              </listitem>
>            </varlistentry>
> @@ -966,9 +966,9 @@
>
>              <listitem>
>                <para>Privacy.  Data confidentiality is required for
> -                 all data frames exchanged within the BSS.  This means
> -                 that this BSS requires the station to use
> -                 cryptographic means such as WEP, TKIP or AES-CCMP to
> +                 all data frames exchanged within the <acronym>BSS</acronym>.  This means
> +                 that this <acronym>BSS</acronym> requires the station to use
> +                 cryptographic means such as <acronym>WEP</acronym>, <acronym>TKIP</acronym> or <acronym>AES-CCMP</acronym> to
>                  encrypt/decrypt data frames being exchanged with
>                  others.</para>
>              </listitem>
> @@ -1037,7 +1037,7 @@
>
>            <para>If there are multiple access points and you want to
>              select a specific one, you can select it by its
> -             SSID:</para>
> +             <acronym>SSID</acronym>:</para>
>
>            <programlisting>ifconfig_ath0="ssid <replaceable>your_ssid_here</replaceable> DHCP"</programlisting>
>
> @@ -1045,8 +1045,8 @@
>              points with the same SSID (often done to simplify
>              roaming) it may be necessary to associate to one
>              specific device.  In this case you can also specify the
> -             BSSID of the access point (you can also leave off the
> -             SSID):</para>
> +             <acronym>BSSID</acronym> of the access point (you can also leave off the
> +             <acronym>SSID</acronym>):</para>
>
>            <programlisting>ifconfig_ath0="ssid <replaceable>your_ssid_here</replaceable> bssid <replaceable>xx:xx:xx:xx:xx:xx</replaceable> DHCP"</programlisting>
>
> @@ -1084,16 +1084,16 @@
>              Other schemes require cryptographic handshakes be
>              completed before data traffic can flow; either using
>              pre-shared keys or secrets, or more complex schemes that
> -             involve backend services such as RADIUS.  Most users
> +             involve backend services such as <acronym>RADIUS</acronym>.  Most users
>              will use open authentication which is the default
> -             setting.  Next most common setup is WPA-PSK, also known
> -             as WPA Personal, which is described <link
> +             setting.  Next most common setup is <acronym>WPA-PSK</acronym>, also known
> +             as <acronym>WPA</acronym> Personal, which is described <link
>              linkend="network-wireless-wpa-wpa-psk">below</link>.</para>
>
>            <note>
>              <para>If you have an &apple; &airport; Extreme base
>                station for an access point you may need to configure
> -               shared-key authentication together with a WEP key.
> +               shared-key authentication together with a <acronym>WEP</acronym> key.
>                This can be done in the
>                <filename>/etc/rc.conf</filename> file or using the
>                &man.wpa.supplicant.8; program.  If you have a single
> @@ -1103,12 +1103,12 @@
>              <programlisting>ifconfig_ath0="authmode shared wepmode on weptxkey <replaceable>1</replaceable> wepkey <replaceable>01234567</replaceable> DHCP"</programlisting>
>
>              <para>In general shared key authentication is to be
> -               avoided because it uses the WEP key material in a
> +               avoided because it uses the <acronym>WEP</acronym> key material in a
>                highly-constrained manner making it even easier to
> -               crack the key.  If WEP must be used (e.g., for
> +               crack the key.  If <acronym>WEP</acronym> must be used (e.g., for
>                compatibility with legacy devices) it is better to use
> -               WEP with <literal>open</literal> authentication.  More
> -               information regarding WEP can be found in the <xref
> +               <acronym>WEP</acronym> with <literal>open</literal> authentication.  More
> +               information regarding <acronym>WEP</acronym> can be found in the <xref
>                linkend="network-wireless-wep">.</para>
>            </note>
>          </sect5>
> @@ -1119,7 +1119,7 @@
>            <para>Once you have selected an access point and set the
>              authentication parameters, you will have to get an IP
>              address to communicate.  Most of time you will obtain
> -             your wireless IP address via DHCP.  To achieve that,
> +             your wireless IP address via <acronym>DHCP</acronym>.  To achieve that,
>              simply edit <filename>/etc/rc.conf</filename> and add
>              <literal>DHCP</literal> to the configuration for your
>              device as shown in various examples above:</para>
> @@ -1149,7 +1149,7 @@
>              are connected to the wireless network (to the
>              <literal>dlinkap</literal> network in our case).  The
>              <literal>bssid 00:13:46:49:41:76</literal> part is the
> -             MAC address of your access point; the
> +             <acronym>MAC</acronym> address of your access point; the
>              <literal>authmode</literal> line informs you that the
>              communication is not encrypted
>              (<literal>OPEN</literal>).</para>
> @@ -1159,7 +1159,7 @@
>            <title>Static IP Address</title>
>
>            <para>In the case you cannot obtain an IP address from a
> -             DHCP server, you can set a fixed IP address.  Replace
> +             <acronym>DHCP</acronym> server, you can set a fixed IP address.  Replace
>              the <literal>DHCP</literal> keyword shown above with the
>              address information.  Be sure to retain any other
>              parameters you have set up for selecting an access
> @@ -1172,34 +1172,34 @@
>        <sect4 id="network-wireless-wpa">
>          <title>WPA</title>
>
> -         <para>WPA (Wi-Fi Protected Access) is a security protocol
> +         <para><acronym>WPA</acronym> (Wi-Fi Protected Access) is a security protocol
>            used together with 802.11 networks to address the lack of
>            proper authentication and the weakness of <link
> -           linkend="network-wireless-wep">WEP</link>.  WPA leverages
> +           linkend="network-wireless-wep">WEP</link>.  <acronym>WPA</acronym> leverages
>            the 802.1X authentication protocol and uses one of several
> -           ciphers instead of WEP for data integrity.  The only
> -           cipher required by WPA is TKIP (Temporary Key Integrity
> +           ciphers instead of <acronym>WEP</acronym> for data integrity.  The only
> +           cipher required by <acronym>WPA</acronym> is <acronym>TKIP</acronym> (Temporary Key Integrity
>            Protocol) which is a cipher that extends the basic RC4
> -           cipher used by WEP by adding integrity checking, tamper
> +           cipher used by <acronym>WEP</acronym> by adding integrity checking, tamper
>            detection, and measures for responding to any detected
> -           intrusions.  TKIP is designed to work on legacy hardware
> +           intrusions.  <acronym>TKIP</acronym> is designed to work on legacy hardware
>            with only software modification; it represents a
>            compromise that improves security but is still not
> -           entirely immune to attack.  WPA also specifies the
> -           AES-CCMP cipher as an alternative to TKIP and that is
> +           entirely immune to attack.  <acronym>WPA</acronym> also specifies the
> +           <acronym>AES-CCMP</acronym> cipher as an alternative to <acronym>TKIP</acronym> and that is
>            preferred when possible; for this specification the term
> -           WPA2 (or RSN) is commonly used.</para>
> -
> -         <para>WPA defines authentication and encryption protocols.
> +           <acronym>WPA2</acronym> (or <acronym>RSN</acronym>) is commonly used.</para>
> +
> +         <para><acronym>WPA</acronym> defines authentication and encryption protocols.
>            Authentication is most commonly done using one of two
>            techniques: by 802.1X and a backend authentication service
> -           such as RADIUS, or by a minimal handshake between the
> +           such as <acronym>RADIUS</acronym>, or by a minimal handshake between the
>            station and the access point using a pre-shared secret.
> -           The former is commonly termed WPA Enterprise with the
> -           latter known as WPA Personal.  Since most people will not
> -           set up a RADIUS backend server for wireless network,
> -           WPA-PSK is by far the most commonly encountered
> -           configuration for WPA.</para>
> +           The former is commonly termed <acronym>WPA</acronym> Enterprise with the
> +           latter known as <acronym>WPA</acronym> Personal.  Since most people will not
> +           set up a <acronym>RADIUS</acronym> backend server for wireless network,
> +           <acronym>WPA-PSK</acronym> is by far the most commonly encountered
> +           configuration for <acronym>WPA</acronym>.</para>
>
>          <para>The control of the wireless connection and the
>            authentication (key negotiation or authentication with a
> @@ -1212,11 +1212,11 @@
>          <sect5 id="network-wireless-wpa-wpa-psk">
>            <title>WPA-PSK</title>
>
> -           <para>WPA-PSK also known as WPA-Personal is based on a
> -             pre-shared key (PSK) generated from a given password and
> +           <para><acronym>WPA-PSK</acronym> also known as WPA-Personal is based on a
> +             pre-shared key (<acronym>PSK</acronym>) generated from a given password and
>              that will be used as the master key in the wireless
>              network.  This means every wireless user will share the
> -             same key.  WPA-PSK is intended for small networks where
> +             same key.  <acronym>WPA-PSK</acronym> is intended for small networks where
>              the use of an authentication server is not possible or
>              desired.</para>
>
> @@ -1237,8 +1237,8 @@
>
>            <para>Then, in <filename>/etc/rc.conf</filename>, we
>              indicate that the wireless device configuration will be
> -             done with WPA and the IP address will be obtained with
> -             DHCP:</para>
> +             done with <acronym>WPA</acronym> and the IP address will be obtained with
> +             <acronym>DHCP</acronym>:</para>
>
>            <programlisting>ifconfig_ath0="WPA DHCP"</programlisting>
>
> @@ -1274,7 +1274,7 @@
>
>            <para>The next operation is the launch of the
>              <command>dhclient</command> command to get the IP
> -             address from the DHCP server:</para>
> +             address from the <acronym>DHCP</acronym> server:</para>
>
>            <screen>&prompt.root; <userinput>dhclient <replaceable>ath0</replaceable></userinput>
>  DHCPREQUEST on ath0 to 255.255.255.255 port 67
> @@ -1301,7 +1301,7 @@
>                keys.</para>
>            </note>
>
> -           <para>In the case where the use of DHCP is not possible,
> +           <para>In the case where the use of <acronym>DHCP</acronym> is not possible,
>              you can set a static IP address after
>              <command>wpa_supplicant</command> has authenticated the
>              station:</para>
> @@ -1318,7 +1318,7 @@
>       authmode WPA privacy ON deftxkey UNDEF TKIP 2:128-bit txpowmax 36
>       protmode CTS roaming MANUAL bintval 100</screen>
>
> -           <para>When DHCP is not used, you also have to manually set
> +           <para>When <acronym>DHCP</acronym> is not used, you also have to manually set
>              up the default gateway and the nameserver:</para>
>
>            <screen>&prompt.root; <userinput>route add default <replaceable>your_default_router</replaceable></userinput>
> @@ -1328,29 +1328,29 @@
>          <sect5 id="network-wireless-wpa-eap-tls">
>            <title>WPA with EAP-TLS</title>
>
> -           <para>The second way to use WPA is with an 802.1X backend
> -             authentication server, in this case WPA is called
> -             WPA-Enterprise to make difference with the less secure
> -             WPA-Personal with its pre-shared key.  The
> -             authentication in WPA-Enterprise is based on EAP
> +           <para>The second way to use <acronym>WPA</acronym> is with an 802.1X backend
> +             authentication server, in this case <acronym>WPA</acronym> is called
> +             <acronym>WPA</acronym>-Enterprise to make difference with the less secure
> +             <acronym>WPA</acronym>-Personal with its pre-shared key.  The
> +             authentication in <acronym>WPA</acronym>-Enterprise is based on <acronym>EAP</acronym>
>              (Extensible Authentication Protocol).</para>
>
> -           <para>EAP does not come with an encryption method, it was
> -             decided to embed EAP inside an encrypted tunnel.  Many
> -             types of EAP authentication methods have been designed,
> -             the most common methods are EAP-TLS, EAP-TTLS and
> -             EAP-PEAP.</para>
> -
> -           <para>EAP-TLS (EAP with Transport Layer Security) is a
> +           <para><acronym>EAP</acronym> does not come with an encryption method, it was
> +             decided to embed <acronym>EAP</acronym> inside an encrypted tunnel.  Many
> +             types of <acronym>EAP</acronym> authentication methods have been designed,
> +             the most common methods are <acronym>EAP-TLS</acronym>, <acronym>EAP-TTLS</acronym> and
> +             <acronym>EAP-PEAP</acronym>.</para>
> +
> +           <para><acronym>EAP-TLS</acronym> (<acronym>EAP</acronym> with Transport Layer Security) is a
>              very well-supported authentication protocol in the
> -             wireless world since it was the first EAP method to be
> +             wireless world since it was the first <acronym>EAP</acronym> method to be
>              certified by the <ulink
>              url="http://www.wi-fi.org/">Wi-Fi alliance</ulink>.
> -             EAP-TLS will require three certificates to run: the CA
> +             <acronym>EAP-TLS</acronym> will require three certificates to run: the <acronym>CA</acronym>
>              certificate (installed on all machines), the server
>              certificate for your authentication server, and one
>              client certificate for each wireless client.  In this
> -             EAP method, both authentication server and wireless
> +             <acronym>EAP</acronym> method, both authentication server and wireless
>              client authenticate each other in presenting their
>              respective certificates, and they verify that these
>              certificates were signed by your organization's
> @@ -1378,30 +1378,30 @@
>              </callout>
>
>              <callout arearefs="co-tls-proto">
> -               <para>Here, we use RSN (IEEE 802.11i) protocol, i.e.,
> +               <para>Here, we use <acronym>RSN</acronym> (<acronym>IEEE</acronym> 802.11i) protocol, i.e.,
>                  WPA2.</para>
>              </callout>
>
>              <callout arearefs="co-tls-kmgmt">
>                <para>The <literal>key_mgmt</literal> line refers to
>                  the key management protocol we use.  In our case it
> -                 is WPA using EAP authentication:
> +                 is <acronym>WPA</acronym> using <acronym>EAP</acronym> authentication:
>                  <literal>WPA-EAP</literal>.</para>
>              </callout>
>
>              <callout arearefs="co-tls-eap">
> -               <para>In this field, we mention the EAP method for our
> +               <para>In this field, we mention the <acronym>EAP</acronym> method for our
>                  connection.</para>
>              </callout>
>
>              <callout arearefs="co-tls-id">
>                <para>The <literal>identity</literal> field contains
> -                 the identity string for EAP.</para>
> +                 the identity string for <acronym>EAP</acronym>.</para>
>              </callout>
>
>              <callout arearefs="co-tls-cacert">
>                <para>The <literal>ca_cert</literal> field indicates
> -                 the pathname of the CA certificate file.  This file
> +                 the pathname of the <acronym>CA</acronym> certificate file.  This file
>                  is needed to verify the server certificat.</para>
>              </callout>
>
> @@ -1457,13 +1457,13 @@
>          <sect5 id="network-wireless-wpa-eap-ttls">
>            <title>WPA with EAP-TTLS</title>
>
> -           <para>With EAP-TLS both the authentication server and the
> -             client need a certificate, with EAP-TTLS (EAP-Tunneled
> +           <para>With <acronym>EAP-TLS</acronym> both the authentication server and the
> +             client need a certificate, with <acronym>EAP-TTLS</acronym> (<acronym>EAP</acronym>-Tunneled
>              Transport Layer Security) a client certificate is
>              optional.  This method is close to what some secure web
> -             sites do , where the web server can create a secure SSL
> +             sites do, where the web server can create a secure <acronym>SSL</acronym>
>              tunnel even if the visitors do not have client-side
> -             certificates.  EAP-TTLS will use the encrypted TLS
> +             certificates.  <acronym>EAP-TTLS</acronym> will use the encrypted <acronym>TLS</acronym>
>              tunnel for safe transport of the authentication
>              data.</para>
>
> @@ -1484,31 +1484,31 @@
>
>            <calloutlist>
>              <callout arearefs="co-ttls-eap">
> -               <para>In this field, we mention the EAP method for our
> +               <para>In this field, we mention the <acronym>EAP</acronym> method for our
>                  connection.</para>
>              </callout>
>
>              <callout arearefs="co-ttls-id">
>                <para>The <literal>identity</literal> field contains
> -                 the identity string for EAP authentication inside
> -                 the encrypted TLS tunnel.</para>
> +                 the identity string for <acronym>EAP</acronym> authentication inside
> +                 the encrypted <acronym>TLS</acronym> tunnel.</para>
>              </callout>
>
>              <callout arearefs="co-ttls-passwd">
>                <para>The <literal>password</literal> field contains
> -                 the passphrase for the EAP authentication.</para>
> +                 the passphrase for the <acronym>EAP</acronym> authentication.</para>
>              </callout>
>
>              <callout arearefs="co-ttls-cacert">
>                <para>The <literal>ca_cert</literal> field indicates
> -                 the pathname of the CA certificate file.  This file
> +                 the pathname of the <acronym>CA</acronym> certificate file.  This file
>                  is needed to verify the server certificat.</para>
>              </callout>
>
>              <callout arearefs="co-ttls-pha2">
>                <para>In this field, we mention the authentication
> -                 method used in the encrypted TLS tunnel.  In our
> -                 case, EAP with MD5-Challenge has been used.  The
> +                 method used in the encrypted <acronym>TLS</acronym> tunnel.  In our
> +                 case, <acronym>EAP</acronym> with <acronym>MD5</acronym>-Challenge has been used.  The
>                  <quote>inner authentication</quote> phase is often
>                  called <quote>phase2</quote>.</para>
>              </callout>
> @@ -1542,29 +1542,29 @@
>          <sect5 id="network-wireless-wpa-eap-peap">
>            <title>WPA with EAP-PEAP</title>
>
> -           <para>PEAP (Protected EAP) has been designed as an
> -             alternative to EAP-TTLS.  There are two types of PEAP
> -             methods, the most common one is PEAPv0/EAP-MSCHAPv2.  In
> -             the rest of this document, we will use the PEAP term to
> -             refer to that EAP method.  PEAP is the most used EAP
> -             standard after EAP-TLS, in other words if you have a
> -             network with mixed OSes, PEAP should be the most
> -             supported standard after EAP-TLS.</para>
> -
> -           <para>PEAP is similar to EAP-TTLS: it uses a server-side
> +           <para><acronym>PEAP</acronym> (Protected <acronym>EAP)</acronym> has been designed as an
> +             alternative to <acronym>EAP-TTLS</acronym>.  There are two types of <acronym>PEAP</acronym>
> +             methods, the most common one is <acronym>PEAPv0</acronym>/<acronym>EAP-MSCHAPv2</acronym>.  In
> +             the rest of this document, we will use the <acronym>PEAP</acronym> term to
> +             refer to that <acronym>EAP</acronym> method.  <acronym>PEAP</acronym> is the most used <acronym>EAP</acronym>
> +             standard after <acronym>EAP-TLS</acronym>, in other words if you have a
> +             network with mixed OSes, <acronym>PEAP</acronym> should be the most
> +             supported standard after <acronym>EAP-TLS</acronym>.</para>
> +
> +           <para><acronym>PEAP</acronym> is similar to <acronym>EAP-TTLS</acronym>: it uses a server-side
>              certificate to authenticate clients by creating an
> -             encrypted TLS tunnel between the client and the
> +             encrypted <acronym>TLS</acronym> tunnel between the client and the
>              authentication server, which protects the ensuing
>              exchange of authentication information.  In term of
> -             security the difference between EAP-TTLS and PEAP is
> -             that PEAP authentication broadcasts the username in
> -             clear, only the password is sent in the encrypted TLS
> -             tunnel.  EAP-TTLS will use the TLS tunnel for both
> +             security the difference between <acronym>EAP-TTLS</acronym> and <acronym>PEAP</acronym> is
> +             that <acronym>PEAP</acronym> authentication broadcasts the username in
> +             clear, only the password is sent in the encrypted <acronym>TLS</acronym>
> +             tunnel.  <acronym>EAP-TTLS</acronym> will use the <acronym>TLS</acronym> tunnel for both
>              username and password.</para>
>
>            <para>We have to edit the
>              <filename>/etc/wpa_supplicant.conf</filename> file and
> -             add the EAP-PEAP related settings:</para>
> +             add the <acronym>EAP-PEAP</acronym> related settings:</para>
>
>            <programlisting>network={
>   ssid="freebsdap"
> @@ -1580,30 +1580,30 @@
>
>            <calloutlist>
>              <callout arearefs="co-peap-eap">
> -               <para>In this field, we mention the EAP method for our
> +               <para>In this field, we mention the <acronym>EAP</acronym> method for our
>                  connection.</para>
>              </callout>
>
>              <callout arearefs="co-peap-id">
>                <para>The <literal>identity</literal> field contains
> -                 the identity string for EAP authentication inside
> -                 the encrypted TLS tunnel.</para>
> +                 the identity string for <acronym>EAP</acronym> authentication inside
> +                 the encrypted <acronym>TLS</acronym> tunnel.</para>
>              </callout>
>
>              <callout arearefs="co-peap-passwd">
>                <para>The <literal>password</literal> field contains
> -                 the passphrase for the EAP authentication.</para>
> +                 the passphrase for the <acronym>EAP</acronym> authentication.</para>
>              </callout>
>
>              <callout arearefs="co-peap-cacert">
>                <para>The <literal>ca_cert</literal> field indicates
> -                 the pathname of the CA certificate file.  This file
> +                 the pathname of the <acronym>CA</acronym> certificate file.  This file
>                  is needed to verify the server certificat.</para>
>              </callout>
>
>              <callout arearefs="co-peap-pha1">
>                <para>This field contains the parameters for the
> -                 first phase of the authentication (the TLS
> +                 first phase of the authentication (the <acronym>TLS</acronym>
>                  tunnel).  According to the authentication server
>                  used, you will have to specify a specific label
>                  for the authentication.  Most of time, the label
> @@ -1615,8 +1615,8 @@
>
>              <callout arearefs="co-peap-pha2">
>                <para>In this field, we mention the authentication
> -                 protocol used in the encrypted TLS tunnel.  In the
> -                 case of PEAP, it is
> +                 protocol used in the encrypted <acronym>TLS</acronym> tunnel.  In the
> +                 case of <acronym>PEAP</acronym>, it is
>                  <literal>auth=MSCHAPV2</literal>.</para>
>              </callout>
>            </calloutlist>
> @@ -1650,7 +1650,7 @@
>        <sect4 id="network-wireless-wep">
>          <title>WEP</title>
>
> -         <para>WEP (Wired Equivalent Privacy) is part of the original
> +         <para><acronym>WEP</acronym> (Wired Equivalent Privacy) is part of the original
>            802.11 standard.  There is no authentication mechanism,
>            only a weak form of access control, and it is easily to be
>            cracked.</para>
> @@ -1663,7 +1663,7 @@
>
>          <itemizedlist>
>            <listitem>
> -             <para>The <literal>weptxkey</literal> means which WEP
> +             <para>The <literal>weptxkey</literal> means which <acronym>WEP</acronym>
>                key will be used in the transmission.  Here we used the
>                third key.  This must match the setting in the access
>                point.  If you do not have any idea of what is the key
> @@ -1674,7 +1674,7 @@
>
>            <listitem>
>              <para>The <literal>wepkey</literal> means setting the
> -               selected WEP key.  It should in the format
> +               selected <acronym>WEP</acronym> key.  It should in the format
>                <replaceable>index:key</replaceable>, if the index is
>                not given, key <literal>1</literal> is set.  That is
>                to say we need to set the index if we use keys other
> @@ -1692,7 +1692,7 @@
>            page for further information.</para>
>
>          <para>The <command>wpa_supplicant</command> facility also
> -           can be used to configure your wireless interface with WEP.
> +           can be used to configure your wireless interface with <acronym>WEP</acronym>.
>            The example above can be set up by adding the following
>            lines to
>            <filename>/etc/wpa_supplicant.conf</filename>:</para>
> @@ -1716,11 +1716,11 @@
>     <sect2>
>       <title>Ad-hoc Mode</title>
>
> -      <para>IBSS mode, also called ad-hoc mode, is designed for point
> +      <para><acronym>IBSS</acronym> mode, also called ad-hoc mode, is designed for point
>        to point connections.  For example, to establish an ad-hoc
>        network between the machine <hostid>A</hostid> and the machine
>        <hostid>B</hostid> we will just need to choose two IP adresses
> -       and a SSID.</para>
> +       and a <acronym>SSID</acronym>.</para>
>
>       <para>On the box <hostid>A</hostid>:</para>
>
> @@ -1736,7 +1736,7 @@
>          authmode OPEN privacy OFF txpowmax 36 protmode CTS bintval 100</screen>
>
>       <para>The <literal>adhoc</literal> parameter indicates the
> -       interface is running in the IBSS mode.</para>
> +       interface is running in the <acronym>IBSS</acronym> mode.</para>
>
>       <para>On <hostid>B</hostid>, we should be able to detect
>        <hostid>A</hostid>:</para>
> @@ -1769,14 +1769,14 @@
>       <title>&os; Host Access Points</title>
>
>       <para>&os; can act as an Access Point (AP) which eliminates the
> -       need to buy a hardware AP or run an ad-hoc network.  This can be
> +       need to buy a hardware <acronym>AP</acronym> or run an ad-hoc network.  This can be
>        particularly useful when your &os; machine is acting as a
>        gateway to another network (e.g., the Internet).</para>
>
>       <sect3 id="network-wireless-ap-basic">
>        <title>Basic Settings</title>
>
> -       <para>Before configuring your &os; machine as an AP, the
> +       <para>Before configuring your &os; machine as an <acronym>AP</acronym>, the
>          kernel must be configured with the appropriate wireless
>          networking support for your wireless card.  You also have to
>          add the support for the security protocols you intend to
> @@ -1785,8 +1785,8 @@
>
>        <note>
>          <para>The use of the NDIS driver wrapper and the &windows;
> -           drivers do not allow currently the AP operation.  Only
> -           native &os; wireless drivers support AP mode.</para>
> +           drivers do not allow currently the <acronym>AP</acronym> operation.  Only
> +           native &os; wireless drivers support <acronym>AP</acronym> mode.</para>
>        </note>
>
>        <para>Once the wireless networking support is loaded, you can
> @@ -1799,12 +1799,12 @@
>        <para>This output displays the card capabilities; the
>          <literal>HOSTAP</literal> word confirms this wireless card
>          can act as an Access Point.  Various supported ciphers are
> -         also mentioned: WEP, TKIP, WPA2, etc., these informations
> +         also mentioned: <acronym>WEP</acronym>, <acronym>TKIP</acronym>, <acronym>WPA2</acronym>, etc., these informations
>          are important to know what security protocols could be set
>          on the Access Point.</para>
>
>        <para>The wireless device can now be put into hostap mode and
> -         configured with the correct SSID and IP address:</para>
> +         configured with the correct <acronym>SSID</acronym> and IP address:</para>
>
>        <screen>&prompt.root; <userinput>ifconfig <replaceable>ath0</replaceable> ssid <replaceable>freebsdap</replaceable> mode 11g mediaopt hostap</userinput> inet <replaceable>192.168.0.1</replaceable> netmask <replaceable>255.255.255.0</replaceable></screen>
>
> @@ -1836,12 +1836,12 @@
>        <title>Host-based Access Point without Authentication or
>          Encryption</title>
>
> -       <para>Although it is not recommended to run an AP without any
> +       <para>Although it is not recommended to run an <acronym>AP</acronym> without any
>          authentication or encryption, this is a simple way to check
> -         if your AP is working.  This configuration is also important
> +         if your <acronym>AP</acronym> is working.  This configuration is also important
>          for debugging client issues.</para>
>
> -       <para>Once the AP configured as previously shown, it is
> +       <para>Once the <acronym>AP</acronym> configured as previously shown, it is
>          possible from another wireless machine to initiate a scan to
>          find the AP:</para>
>
> @@ -1868,17 +1868,17 @@
>        <title>WPA Host-based Access Point</title>
>
>        <para>This section will focus on setting up &os; Access Point
> -         using the WPA security protocol.  More details regarding WPA
> -         and the configuration of WPA-based wireless clients can be
> +         using the <acronym>WPA</acronym> security protocol.  More details regarding <acronym>WPA</acronym>
> +         and the configuration of <acronym>WPA</acronym>-based wireless clients can be
>          found in the <xref linkend="network-wireless-wpa">.</para>
>
>        <para>The <application>hostapd</application> daemon is used to
>          deal with client authentication and keys management on the
> -         WPA enabled Access Point.</para>
> +         <acronym>WPA</acronym> enabled Access Point.</para>
>
>        <para>In the following, all the configuration operations will
> -         be performed on the &os; machine acting as AP.  Once the
> -         AP is correctly working, <application>hostapd</application>
> +         be performed on the &os; machine acting as <acronym>AP</acronym>.  Once the
> +         <acronym>AP</acronym> is correctly working, <application>hostapd</application>
>          should be automatically enabled at boot with the following
>          line in <filename>/etc/rc.conf</filename>:</para>
>
> @@ -1892,7 +1892,7 @@
>        <sect4>
>          <title>WPA-PSK</title>
>
> -         <para>WPA-PSK is intended for small networks where the use
> +         <para><acronym>WPA-PSK</acronym> is intended for small networks where the use
>            of an backend authentication server is not possible or
>            desired.</para>
>
> @@ -1944,14 +1944,14 @@
>
>            <callout arearefs="co-ap-wpapsk-wpa">
>              <para>The <literal>wpa</literal> field enables WPA and
> -               specifies which WPA authentication protocol will be
> +               specifies which <acronym>WPA</acronym> authentication protocol will be
>                required.  A value of <literal>1</literal> configures the
>                AP for WPA-PSK.</para>
>            </callout>
>
>            <callout arearefs="co-ap-wpapsk-pass">
>              <para>The <literal>wpa_passphrase</literal> field
> -               contains the ASCII passphrase for the WPA
> +               contains the <acronym>ASCII</acronym> passphrase for the <acronym>WPA</acronym>
>                authentication.</para>
>
>              <warning>
> @@ -1964,17 +1964,17 @@
>            <callout arearefs="co-ap-wpapsk-kmgmt">
>              <para>The <literal>wpa_key_mgmt</literal> line refers to
>                the key management protocol we use.  In our case it is
> -               WPA-PSK.</para>
> +               <acronym>WPA-PSK</acronym>.</para>
>            </callout>
>
>            <callout arearefs="co-ap-wpapsk-pwise">
>              <para>The <literal>wpa_pairwise</literal> field
>                indicates the set of accepted encryption algorithms by
> -               the Access Point.  Here both TKIP (WPA) and CCMP
> -               (WPA2) ciphers are accepted.  CCMP cipher is an
> -               alternative to TKIP and that is strongly preferred
> -               when possible; TKIP should be used solely for stations
> -               incapable of doing CCMP.</para>
> +               the Access Point.  Here both <acronym>TKIP</acronym> (<acronym>WPA</acronym>) and <acronym>CCMP</acronym>
> +               (<acronym>WPA2</acronym>) ciphers are accepted.  <acronym>CCMP</acronym> cipher is an
> +               alternative to <acronym>TKIP</acronym> and that is strongly preferred
> +               when possible; <acronym>TKIP</acronym> should be used solely for stations
> +               incapable of doing <acronym>CCMP</acronym>.</para>
>            </callout>
>          </calloutlist>
>
> @@ -1996,7 +1996,7 @@
>        <para>The Access Point is running, the clients can now be
>          associated with it, see <xref
>          linkend="network-wireless-wpa"> for more details.  It is
> -         possible to see the stations associated with the AP using
> +         possible to see the stations associated with the <acronym>AP</acronym> using
>          the <command>ifconfig <replaceable>ath0</replaceable> list
>          sta</command> command.</para>
>        </sect4>
> @@ -2005,22 +2005,22 @@
>       <sect3>
>        <title>WEP Host-based Access Point</title>
>
> -       <para>It is not recommended to use WEP for setting up an
> +       <para>It is not recommended to use <acronym>WEP</acronym> for setting up an
>          Access Point since there is no authentication mechanism and
>          it is easily to be cracked.  Some legacy wireless cards only
> -         support WEP as security protocol, these cards will only
> -         allow to set up AP without authentication or encryption or
> -         using the WEP protocol.</para>
> +         support <acronym>WEP</acronym> as security protocol, these cards will only
> +         allow to set up <acronym>AP</acronym> without authentication or encryption or
> +         using the <acronym>WEP</acronym> protocol.</para>
>
>        <para>The wireless device can now be put into hostap mode and
> -         configured with the correct SSID and IP address:</para>
> +         configured with the correct <acronym>SSID</acronym> and IP address:</para>
>
>        <screen>&prompt.root; <userinput>ifconfig <replaceable>ath0</replaceable> ssid <replaceable>freebsdap</replaceable> wepmode on weptxkey 3 wepkey 3:0x3456789012 mode 11g mediaopt hostap \
>        inet <replaceable>192.168.0.1</replaceable> netmask <replaceable>255.255.255.0</replaceable></userinput></screen>
>
>        <itemizedlist>
>          <listitem>
> -           <para>The <literal>weptxkey</literal> means which WEP
> +           <para>The <literal>weptxkey</literal> means which <acronym>WEP</acronym>
>              key will be used in the transmission.  Here we used the
>              third key (note that the key numbering starts with
>              <literal>1</literal>).  This parameter must be specified
> @@ -2029,7 +2029,7 @@
>
>          <listitem>
>            <para>The <literal>wepkey</literal> means setting the
> -             selected WEP key.  It should in the format
> +             selected <acronym>WEP</acronym> key.  It should in the format
>              <replaceable>index:key</replaceable>, if the index is
>              not given, key <literal>1</literal> is set.  That is
>              to say we need to set the index if we use keys other
> @@ -2084,7 +2084,7 @@
>            access point.  This includes the authentication scheme and
>            any security protocols.  Simplify your configuration as
>            much as possible.  If you are using a security protocol
> -           such as WPA or WEP configure the access point for open
> +           such as <acronym>WPA</acronym> or <acronym>WEP</acronym> configure the access point for open
>            authentication and no security to see if you can get
>            traffic to pass.</para>
>        </listitem>
> @@ -3245,7 +3245,7 @@
>        <varlistentry><term>lacp</term>
>
>        <listitem>
> -       <para>Supports the IEEE 802.3ad Link Aggregation Control Protocol
> +       <para>Supports the <acronym>IEEE</acronym> 802.3ad Link Aggregation Control Protocol
>          (LACP) and the Marker Protocol. LACP will negotiate a set of
>          aggregable links with the peer in to one or more Link Aggregated
>          Groups. Each LAG is composed of ports of the same speed, set to
> %%%
>



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2a7894eb0812101310v2123a452q26b0e07630e7f209>