On 26/07/2014 02:12, Bill Fenner wrote:
> On Fri, Jul 25, 2014 at 9:11 AM, Stefan Winter <stefan.winter@xxxxxxxxxx>
> wrote:
>
>> Hi,
>>
>>> To use 802.1X:
>>>
>>> Associate to SSID: ietf.1x OR ietf-a.1x
>>> Use TTLS or PEAP/MSCHAPv2
>>> Do Not Verify Server Cert and we won't verify yours :)
>>> ^^^^^^^^^^^^^^^^^^^^^^^^^
>> I recall some email threads with the NOC about this sentence. It's IMHO
>> not a message the IETF should promote.
>>
>
> I believe there's a reasonable amount of support for opportunistic
> encryption in the IETF.
>
> The desired incremental delta between the "ietf" open SSID and the
> "ietf.1x" encrypted SSID is the addition of encryption. The additional
> validation of "is this really the IETF" has been a non-goal.
Fair enough. But that doesn't change the fact that my box doesn't
work that way by default and apparently I have to find out how
to override it. Being human, I reverted to the unencrypted network
instead.
Brian