On 7/12/2017 8:55 PM, Randy Bush wrote:
> defense in depth. you do what you can on every link and layer.
The problem with a generic cliche like defense in depth is that there is
no way to judge what's meaningful and useful and what isn't. Obviously
there is defense in depth if I run two anti-virus applications rather
than only one? Oh... there isn't?
And the idea that it's best to do what you can at every layer presumably
means that we need to put checksums back into IPv6?
On the other hand, the basic question of whether one is /positive/ that
all activity is protected by TLS is worth considering (though such
coverage was the premise to my original query.)
On 7/12/2017 11:08 PM, joel jaeggli wrote:
> wpa2 enterprise provides forward security, merely using the same
> username and password doesn't provide you with the ability to snoop
> other traffic.
Oh. So a bad actor having the shared key and being able to wiretap the
key exchange sequences at the startup of other users doesn't represent a
threat? (I'd heard otherwise, but admit to not having researched this
carefully.)
And only WPA2 is supported on the IETF net(s)?
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net