Re: Security for the IETF wireless network
Stefan Winter <stefan.winter@restena.lu> Fri, 25 July 2014 15:32 UTC
Return-Path: <stefan.winter@restena.lu>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C62091B296B for <ietf@ietfa.amsl.com>; Fri, 25 Jul 2014 08:32:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZMdgzVVIZJKc for <ietf@ietfa.amsl.com>; Fri, 25 Jul 2014 08:32:32 -0700 (PDT)
Received: from smtp.restena.lu (legolas.restena.lu [IPv6:2001:a18:1::34]) by ietfa.amsl.com (Postfix) with ESMTP id 8F1CC1B298F for <ietf@ietf.org>; Fri, 25 Jul 2014 08:32:23 -0700 (PDT)
Received: from smtp.restena.lu (localhost [127.0.0.1]) by smtp.restena.lu (Postfix) with ESMTP id 7A7C2F1065; Fri, 25 Jul 2014 17:32:22 +0200 (CEST)
Received: from viper.local (unknown [158.64.15.196]) by smtp.restena.lu (Postfix) with ESMTPSA id E84AC9DD0B; Fri, 25 Jul 2014 17:32:21 +0200 (CEST)
Message-ID: <53D27884.6090508@restena.lu>
Date: Fri, 25 Jul 2014 17:32:20 +0200
From: Stefan Winter <stefan.winter@restena.lu>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: Bill Fenner <fenner@fenron.com>, Brian E Carpenter <brian.e.carpenter@gmail.com>
Subject: Re: Security for the IETF wireless network
References: <0FE63216-9BE8-450F-80FB-D1DB6166DFEF@ietf.org> <53D17359.2030505@gmail.com> <CFF7BAFE.28A14%wesley.george@twcable.com> <53D25789.8000804@restena.lu> <CAATsVbY44t7QvDNe4UcBfM1MpzkphZYCyHPz=Mwax95fSpjmFg@mail.gmail.com> <53D2687A.8030608@gmail.com> <CAATsVbbY7p5bsaFgju+jcsi9WP31=Wnh+Eo0cuJRaCNBuuDZ_w@mail.gmail.com>
In-Reply-To: <CAATsVbbY7p5bsaFgju+jcsi9WP31=Wnh+Eo0cuJRaCNBuuDZ_w@mail.gmail.com>
X-Enigmail-Version: 1.6
OpenPGP: id=8A39DC66
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="RJrGocdkjIJOBPhmI6hqfsIrxQDjHDPWK"
X-Virus-Scanned: ClamAV
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/4PSSBomqMFAoVxTxBOE5IjnmZwU
Cc: IETF Discussion <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Jul 2014 15:32:35 -0000
Hi, > > Sorry, I assumed that this was just an annoying dialog and there was a > checkbox for "do it anyway". We will have to find a way to manage the > usability on Windows, whether that means "buy a cert from someone who > is in Microsoft's default trust list too" or "provide instructions for > Windows users" or what. > A common misunderstanding. There *is no* default trust list for IEEE 802.1X purposes. Even on Microsoft, you have to tick the checkbox on the one CA you trust for this connection. Due to that, whether you paid for a commercial CA's cert or just created a self-signed one doesn't matter; self-signed simply adds the extra step of importing the CA in the first place. Both need the user to TheRightThing(tm). The instruction can be "use this .exe that we provide, it will push the right knobs for you." That's why I mentioned my website which gives you such installers. Stefan
- Re: Security for the IETF wireless network Brian E Carpenter
- Re: Security for the IETF wireless network Stefan Winter
- Re: Security for the IETF wireless network George, Wes
- Re: Security for the IETF wireless network George, Wes
- Hotel networks (Was Re: Security for the IETF wir… Steve Crocker
- Re: Security for the IETF wireless network joel jaeggli
- Re: [90all] Security for the IETF wireless network Randall Gellens
- Re: Security for the IETF wireless network Stefan Winter
- Re: Security for the IETF wireless network Tim Wicinski
- Re: [90all] Security for the IETF wireless network Randy Bush
- Re: Hotel networks (Was Re: Security for the IETF… John C Klensin
- Re: Hotel networks (Was Re: Security for the IETF… Steve Crocker
- Re: Hotel networks (Was Re: Security for the IETF… joel jaeggli
- Re: Hotel networks (Was Re: Security for the IETF… Steve Crocker
- Re: Hotel networks (Was Re: Security for the IETF… George Michaelson
- Re: Hotel networks (Was Re: Security for the IETF… John C Klensin
- Re: Hotel networks (Was Re: Security for the IETF… Stefan Winter
- Re: Security for the IETF wireless network Bill Fenner
- Re: Security for the IETF wireless network George Michaelson
- Re: Security for the IETF wireless network Stefan Winter
- Re: Security for the IETF wireless network Brian E Carpenter
- Re: Security for the IETF wireless network Bill Fenner
- Re: Security for the IETF wireless network Bill Fenner
- Re: Security for the IETF wireless network John Levine
- Re: Security for the IETF wireless network Stefan Winter
- Re: Security for the IETF wireless network Stefan Winter
- Re: Hotel networks (Was Re: Security for the IETF… Samuel Weiler
- Re: Hotel networks (Was Re: Security for the IETF… Randall Gellens
- Re: Hotel networks (Was Re: Security for the IETF… Randall Gellens
- Re: Hotel networks (Was Re: Security for the IETF… Niels Dettenbach (Syndicat IT&Internet)
- Re: Hotel networks (Was Re: Security for the IETF… Stefan Winter
- Re: Hotel networks (Was Re: Security for the IETF… Randall Gellens
- Re: Hotel networks (Was Re: Security for the IETF… Randall Gellens
- Re: Hotel networks (Was Re: Security for the IETF… Melinda Shore
- Re: Security for the IETF wireless network Michael Richardson