Stefan Winter <stefan.winter@xxxxxxxxxx> wrote:
>> The server "services.meeting.ietf.org" presented a valid certificate
>> issued by "Starfield Class 2 Certification Authority", but "Starfield
>> Class 2 Certification Authority" is not configured as a valid trust
>> anchor for this profile. Further, the server
>> "services.meeting.ietf.org" is not configured as a valid NPS server to
>> connect to for this profile.

> Sure. That's because you should never "just connect" to an IEEE 802.1X
> network. You configure the security properties you expect *first* (i.e.
> install/mark as trusted the CA, the expected server name, the EAP types
> that are supposed to be supported on this network, an anonymous outer
> identity if you like/need) - and *then* you actually connect, and see
> if the server you arrived at is the one you expect.

Yeah, it's all for naught in my opinion.
That's way too hard, and I'm a security geek.

First hop layer-2 security gets me nothing in my opinion.
How does it bind my layer-2 end point to my layer-3 end-point?

I'd rather spend our cycles making SEND deployed than continuing along this thread.

--
Michael Richardson -on the road-
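The pre-connection settings listed in the quoted text above (trusted CA, expected server name, EAP types) can be checked mechanically before a supplicant profile is ever used. The following is an added example, not part of the original thread: it assumes a wpa_supplicant-style configuration, the mapping of those settings to `ca_cert`, `domain_match`/`domain_suffix_match` and `eap` is this example's assumption, and the sample SSIDs, identity and CA path are constructed placeholders.

```python
# Settings named in the quoted text, mapped to wpa_supplicant keys (assumed mapping).
REQUIRED = {
    "trusted CA": ("ca_cert",),
    "expected server name": ("domain_match", "domain_suffix_match"),
    "EAP types": ("eap",),
}

# Constructed sample config; SSIDs, identity and CA path are placeholders.
SAMPLE = """
network={
    ssid="example-1x"
    key_mgmt=WPA-EAP
}
network={
    ssid="example-1x-pinned"
    key_mgmt=WPA-EAP
    eap=TTLS
    anonymous_identity="anonymous@example.org"
    ca_cert="/etc/ssl/certs/example-ca.pem"
    domain_match="services.meeting.ietf.org"
}
network={
    ssid="psk-only"
    key_mgmt=WPA-PSK
}
"""

def parse_networks(text):
    """Return one dict of key -> value per network={...} block."""
    networks, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.replace(" ", "") == "network={":
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif current is not None and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return networks

def audit(text):
    """Map each 802.1X network's SSID to the settings it leaves unset."""
    findings = {}
    for net in parse_networks(text):
        km = net.get("key_mgmt", "")
        if "EAP" in km or "IEEE8021X" in km or "eap" in net:
            missing = [name for name, keys in REQUIRED.items()
                       if not any(k in net for k in keys)]
            findings[net.get("ssid", "?")] = missing
    return findings
```

An empty list for a network means all three settings are present in that block; it does not verify that the CA file exists or that the server name is the right one.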