Re: Security for the IETF wireless network
Stefan Winter <stefan.winter@restena.lu> Fri, 25 July 2014 14:22 UTC
Return-Path: <stefan.winter@restena.lu>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 54BA91B28E1 for <ietf@ietfa.amsl.com>; Fri, 25 Jul 2014 07:22:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, WEIRD_PORT=0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TkLVatBs4knn for <ietf@ietfa.amsl.com>; Fri, 25 Jul 2014 07:22:12 -0700 (PDT)
Received: from smptrelay.restena.lu (smtprelay.restena.lu [IPv6:2001:a18:1::62]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 363E61B292F for <ietf@ietf.org>; Fri, 25 Jul 2014 07:21:53 -0700 (PDT)
Received: from [IPv6:2001:a18:1:8:921b:eff:fe1b:d2e7] (unknown [IPv6:2001:a18:1:8:921b:eff:fe1b:d2e7]) by smptrelay.restena.lu (Postfix) with ESMTPS id 09EE343A7E; Fri, 25 Jul 2014 16:21:52 +0200 (CEST)
Message-ID: <53D267FF.3060102@restena.lu>
Date: Fri, 25 Jul 2014 16:21:51 +0200
From: Stefan Winter <stefan.winter@restena.lu>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: Bill Fenner <fenner@fenron.com>
Subject: Re: Security for the IETF wireless network
References: <0FE63216-9BE8-450F-80FB-D1DB6166DFEF@ietf.org> <53D17359.2030505@gmail.com> <CFF7BAFE.28A14%wesley.george@twcable.com> <53D25789.8000804@restena.lu> <CAATsVbY44t7QvDNe4UcBfM1MpzkphZYCyHPz=Mwax95fSpjmFg@mail.gmail.com>
In-Reply-To: <CAATsVbY44t7QvDNe4UcBfM1MpzkphZYCyHPz=Mwax95fSpjmFg@mail.gmail.com>
X-Enigmail-Version: 1.6
OpenPGP: id=8A39DC66; url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="d2VIk79K0S4UNQgqGEc17FfbhPpE0V2XE"
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/pkKaOFuNJHbLOIiuADVcTu9hmgk
Cc: IETF Discussion <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Jul 2014 14:22:14 -0000
Hi, > > Do Not Verify Server Cert and we won't verify yours :) > > ^^^^^^^^^^^^^^^^^^^^^^^^^ > > I recall some email threads with the NOC about this sentence. It's IMHO > not a message the IETF should promote. > > > I believe there's a reasonable amount of support for opportunistic > encryption in the IETF. > > The desired incremental delta between the "ietf" open SSID and the > "ietf.1x" encrypted SSID is the addition of encryption. The additional > validation of "is this really the IETF" has been a non-goal. > > It's appropriate for organizations with different goals to have > different policies. Sure. Adding the authentication is not difficult though if you already went through the pain of a RADIUS server setup. Basically, a few lines of HTML description of the network give you all the extra goodness. IOW, the incremental delta between doing 1X poorly and doing 1X correctly is small. So why not? Those who only want encryption can continue to ignore the cert. Greetings, Stefan Winter -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473 PGP key updated to 4096 Bit RSA - I will encrypt all mails if the recipient's key is known to me http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
- Re: Security for the IETF wireless network Brian E Carpenter
- Re: Security for the IETF wireless network Stefan Winter
- Re: Security for the IETF wireless network George, Wes
- Re: Security for the IETF wireless network George, Wes
- Hotel networks (Was Re: Security for the IETF wir… Steve Crocker
- Re: Security for the IETF wireless network joel jaeggli
- Re: [90all] Security for the IETF wireless network Randall Gellens
- Re: Security for the IETF wireless network Stefan Winter
- Re: Security for the IETF wireless network Tim Wicinski
- Re: [90all] Security for the IETF wireless network Randy Bush
- Re: Hotel networks (Was Re: Security for the IETF… John C Klensin
- Re: Hotel networks (Was Re: Security for the IETF… Steve Crocker
- Re: Hotel networks (Was Re: Security for the IETF… joel jaeggli
- Re: Hotel networks (Was Re: Security for the IETF… Steve Crocker
- Re: Hotel networks (Was Re: Security for the IETF… George Michaelson
- Re: Hotel networks (Was Re: Security for the IETF… John C Klensin
- Re: Hotel networks (Was Re: Security for the IETF… Stefan Winter
- Re: Security for the IETF wireless network Bill Fenner
- Re: Security for the IETF wireless network George Michaelson
- Re: Security for the IETF wireless network Stefan Winter
- Re: Security for the IETF wireless network Brian E Carpenter
- Re: Security for the IETF wireless network Bill Fenner
- Re: Security for the IETF wireless network Bill Fenner
- Re: Security for the IETF wireless network John Levine
- Re: Security for the IETF wireless network Stefan Winter
- Re: Security for the IETF wireless network Stefan Winter
- Re: Hotel networks (Was Re: Security for the IETF… Samuel Weiler
- Re: Hotel networks (Was Re: Security for the IETF… Randall Gellens
- Re: Hotel networks (Was Re: Security for the IETF… Randall Gellens
- Re: Hotel networks (Was Re: Security for the IETF… Niels Dettenbach (Syndicat IT&Internet)
- Re: Hotel networks (Was Re: Security for the IETF… Stefan Winter
- Re: Hotel networks (Was Re: Security for the IETF… Randall Gellens
- Re: Hotel networks (Was Re: Security for the IETF… Randall Gellens
- Re: Hotel networks (Was Re: Security for the IETF… Melinda Shore
- Re: Security for the IETF wireless network Michael Richardson