Re: Security for the IETF wireless network

Brian E Carpenter <brian.e.carpenter@gmail.com> Fri, 25 July 2014 14:24 UTC

Message-ID: <53D2687A.8030608@gmail.com>
Date: Sat, 26 Jul 2014 02:23:54 +1200
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
To: Bill Fenner <fenner@fenron.com>
Subject: Re: Security for the IETF wireless network
References: <0FE63216-9BE8-450F-80FB-D1DB6166DFEF@ietf.org> <53D17359.2030505@gmail.com> <CFF7BAFE.28A14%wesley.george@twcable.com> <53D25789.8000804@restena.lu> <CAATsVbY44t7QvDNe4UcBfM1MpzkphZYCyHPz=Mwax95fSpjmFg@mail.gmail.com>
In-Reply-To: <CAATsVbY44t7QvDNe4UcBfM1MpzkphZYCyHPz=Mwax95fSpjmFg@mail.gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/b80OgDod11aUm60HUMeC0OWYZHs
Cc: IETF Discussion <ietf@ietf.org>

On 26/07/2014 02:12, Bill Fenner wrote:
> On Fri, Jul 25, 2014 at 9:11 AM, Stefan Winter <stefan.winter@restena.lu>
> wrote:
> 
>> Hi,
>>
>>> To use 802.1X:
>>>
>>> Associate to SSID: ietf.1x OR ietf-a.1x
>>> Use TTLS or PEAP/MSCHAPv2
>>> Do Not Verify Server Cert and we won't verify yours :)
>>> ^^^^^^^^^^^^^^^^^^^^^^^^^
>> I recall some email threads with the NOC about this sentence. It's IMHO
>> not a message the IETF should promote.
>>
> 
> I believe there's a reasonable amount of support for opportunistic
> encryption in the IETF.
> 
> The desired incremental delta between the "ietf" open SSID and the
> "ietf.1x" encrypted SSID is the addition of encryption.  The additional
> validation of "is this really the IETF" has been a non-goal.

Fair enough. But that doesn't change the fact that my box doesn't
work that way by default and apparently I have to find out how
to override it. Being human, I reverted to the unencrypted network
instead.

    Brian
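The profile the NOC instructions above describe, with the one setting that changes when server validation is turned on, as an added example that is not part of this thread or of the IETF NOC's instructions. In wpa_supplicant, leaving ca_cert out of a PEAP or TTLS network block is exactly "do not verify server cert": the client completes the TLS tunnel with any access point that beacons the SSID, so the session is encrypted to whoever runs that AP and the inner MSCHAPv2 exchange goes to them too. The script below parses wpa_supplicant.conf network blocks and flags tunnelled-EAP profiles that set no ca_cert or no server-name match. The sample configuration is constructed; the identity/password, the CA bundle path and the domain_suffix_match value in the hardened block are assumptions, since the NOC published neither credentials, a CA nor a server name.

```python
"""Flag wpa_supplicant 802.1X profiles that skip server-certificate validation.

Added example, not code from the thread or the IETF NOC. The config text
is constructed: block 1 follows the quoted NOC instructions, block 2 is a
hardened variant with assumed ca_cert / domain_suffix_match values.
"""
import re

# Constructed sample wpa_supplicant.conf (not published by the NOC).
SAMPLE_CONF = """
ctrl_interface=/run/wpa_supplicant

# As the NOC describes it: TTLS, server certificate not verified.
# identity/password are placeholders; the NOC said it would not check them.
network={
    ssid="ietf.1x"
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="anonymous"
    password="anonymous"
    phase2="auth=MSCHAPV2"
}

# Hardened variant: ca_cert path and domain_suffix_match are assumed values.
network={
    ssid="ietf-a.1x"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="anonymous"
    password="anonymous"
    phase2="auth=MSCHAPV2"
    ca_cert="/etc/ssl/certs/ca-certificates.crt"
    domain_suffix_match="meeting.ietf.org"
}

# Open network: no EAP, nothing to validate.
network={
    ssid="ietf"
    key_mgmt=NONE
}
"""

# Once ca_cert anchors the chain, one of these pins which server name is
# acceptable; without one, any certificate chaining to ca_cert is accepted.
NAME_PINS = ("domain_suffix_match", "domain_match", "altsubject_match", "subject_match")

_BLOCK_RE = re.compile(r"network\s*=\s*\{(.*?)\}", re.S)
_KV_RE = re.compile(r'^\s*(\w+)\s*=\s*"?([^"\n]*)"?\s*$', re.M)


def parse_networks(text):
    """Return one dict per network={...} block, with comment lines removed."""
    text = re.sub(r"^\s*#.*$", "", text, flags=re.M)
    return [dict(_KV_RE.findall(m.group(1))) for m in _BLOCK_RE.finditer(text)]


def audit(network):
    """Return findings for one block; an empty list means the profile is fine."""
    findings = []
    if "WPA-EAP" not in network.get("key_mgmt", "").split():
        return findings  # open or PSK network: no server to authenticate
    if network.get("eap", "").upper() not in ("PEAP", "TTLS"):
        return findings  # only the tunnelled methods from the NOC text are covered
    ssid = network.get("ssid", "?")
    if not network.get("ca_cert"):
        # wpa_supplicant does not verify the server certificate without ca_cert:
        # any AP beaconing this SSID terminates the tunnel and sees the inner
        # MSCHAPv2 challenge/response.
        findings.append(f"{ssid}: no ca_cert, server certificate is not verified")
    if not any(network.get(k) for k in NAME_PINS):
        findings.append(f"{ssid}: no server-name match, any certificate chaining to ca_cert is accepted")
    return findings


def audit_config(text):
    """Audit a whole config; returns {ssid: findings} for the blocks that fail."""
    report = {}
    for net in parse_networks(text):
        found = audit(net)
        if found:
            report[net.get("ssid", "?")] = found
    return report


if __name__ == "__main__":
    import sys
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    for ssid, findings in audit_config(source).items():
        for line in findings:
            print("WARN", line)
```

Run it with a path to your own wpa_supplicant.conf to check the profiles on a laptop; with no argument it audits the constructed sample, where only the "ietf.1x" block is reported. The hardened block still uses the same TTLS/PEAP and MSCHAPv2 inner method; the only additions are the trust anchor and the name match, which is the delta the thread is about.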