On Fri, Jul 25, 2014 at 9:11 AM, Stefan Winter <stefan.winter@xxxxxxxxxx> wrote:
Hi,
I recall some email threads with the NOC about this sentence. It's IMHO
> To use 802.1X:
>
> Associate to SSID: ietf.1x OR ietf-a.1x
> Use TTLS or PEAP/MSCHAPv2
> Do Not Verify Server Cert and we won't verify yours :)
> ^^^^^^^^^^^^^^^^^^^^^^^^^
not a message the IETF should promote.
I believe there's a reasonable amount of support for opportunistic encryption in the IETF.
The desired incremental delta between the "ietf" open SSID and the "ietf.1x" encrypted SSID is the addition of encryption. The additional validation of "is this really the IETF" has been a non-goal.
It's appropriate for organizations with different goals to have different policies.
Bill