Hi, > > Do Not Verify Server Cert and we won't verify yours :) > > ^^^^^^^^^^^^^^^^^^^^^^^^^ > > I recall some email threads with the NOC about this sentence. It's IMHO > not a message the IETF should promote. > > > I believe there's a reasonable amount of support for opportunistic > encryption in the IETF. > > The desired incremental delta between the "ietf" open SSID and the > "ietf.1x" encrypted SSID is the addition of encryption. The additional > validation of "is this really the IETF" has been a non-goal. > > It's appropriate for organizations with different goals to have > different policies. Sure. Adding the authentication is not difficult though if you already went through the pain of a RADIUS server setup. Basically, a few lines of HTML description of the network give you all the extra goodness. IOW, the incremental delta between doing 1X poorly and doing 1X correctly is small. So why not? Those who only want encryption can continue to ignore the cert. Greetings, Stefan Winter -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473 PGP key updated to 4096 Bit RSA - I will encrypt all mails if the recipient's key is known to me http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
Attachment:
0x8A39DC66.asc
Description: application/pgp-keys
Attachment:
signature.asc
Description: OpenPGP digital signature