Re: Security for the IETF wireless network

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Jul 25, 2014 at 10:23 AM, Brian E Carpenter <brian.e.carpenter@xxxxxxxxx> wrote:
On 26/07/2014 02:12, Bill Fenner wrote:
> On Fri, Jul 25, 2014 at 9:11 AM, Stefan Winter <stefan.winter@xxxxxxxxxx>
> wrote:
>
>> Hi,
>>
>>> To use 802.1X:
>>>
>>> Associate to SSID: ietf.1x OR ietf-a.1x
>>> Use TTLS or PEAP/MSCHAPv2
>>> Do Not Verify Server Cert and we won't verify yours :)
>>> ^^^^^^^^^^^^^^^^^^^^^^^^^
>> I recall some email threads with the NOC about this sentence. It's IMHO
>> not a message the IETF should promote.
>>
>
> I believe there's a reasonable amount of support for opportunistic
> encryption in the IETF.
>
> The desired incremental delta between the "ietf" open SSID and the
> "ietf.1x" encrypted SSID is the addition of encryption.  The additional
> validation of "is this really the IETF" has been a non-goal.

Fair enough. But that doesn't change the fact that my box doesn't
work that way by default and apparently I have to find out how
to override it. Being human, I reverted to the unencrypted network
instead.

Sorry, I assumed that this was just an annoying dialog and there was a checkbox for "do it anyway".  We will have to find a way to manage the usability on Windows, whether that means "buy a cert from someone who is in Microsoft's default trust list too" or "provide instructions for Windows users" or what.

  Bill 


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]