Re: ESSID ietf-v6only at IETF 100 - security
Alexandre Petrescu <alexandre.petrescu@gmail.com> Tue, 14 November 2017 06:59 UTC
Return-Path: <alexandre.petrescu@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 026FF129470 for <ipv6@ietfa.amsl.com>; Mon, 13 Nov 2017 22:59:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.633
X-Spam-Level:
X-Spam-Status: No, score=-2.633 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, FREEMAIL_FROM=0.001, NML_ADSP_CUSTOM_MED=0.9, RCVD_IN_DNSWL_MED=-2.3, SPF_SOFTFAIL=0.665] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N4vl-vkADxbC for <ipv6@ietfa.amsl.com>; Mon, 13 Nov 2017 22:59:13 -0800 (PST)
Received: from oxalide-smtp-out.extra.cea.fr (oxalide-smtp-out.extra.cea.fr [132.168.224.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A9337127977 for <ipv6@ietf.org>; Mon, 13 Nov 2017 22:59:12 -0800 (PST)
Received: from pisaure.intra.cea.fr (pisaure.intra.cea.fr [132.166.88.21]) by oxalide-sys.extra.cea.fr (8.14.7/8.14.7/CEAnet-Internet-out-4.0) with ESMTP id vAE6xAU1189730; Tue, 14 Nov 2017 07:59:10 +0100
Received: from pisaure.intra.cea.fr (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id 38C3720118E; Tue, 14 Nov 2017 07:59:10 +0100 (CET)
Received: from muguet1.intra.cea.fr (muguet1.intra.cea.fr [132.166.192.6]) by pisaure.intra.cea.fr (Postfix) with ESMTP id 2B8FF200B5D; Tue, 14 Nov 2017 07:59:10 +0100 (CET)
Received: from [132.166.84.60] ([132.166.84.60]) by muguet1.intra.cea.fr (8.15.2/8.15.2/CEAnet-Intranet-out-1.4) with ESMTP id vAE6x7GM017704; Tue, 14 Nov 2017 07:59:09 +0100
Subject: Re: ESSID ietf-v6only at IETF 100 - security
To: Warren Kumari <warren@kumari.net>
Cc: IPv6 <ipv6@ietf.org>
References: <acd854c7-8bd2-781e-6d0d-b15bb62c48e2@gmail.com> <CAHw9_iKoYrfuf_UjBeVw+=cCD9Kuc4+zPPsR1kqrxAAza59qXg@mail.gmail.com>
From: Alexandre Petrescu <alexandre.petrescu@gmail.com>
Message-ID: <88d14301-f417-da89-a526-954f44149af8@gmail.com>
Date: Tue, 14 Nov 2017 07:59:07 +0100
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <CAHw9_iKoYrfuf_UjBeVw+=cCD9Kuc4+zPPsR1kqrxAAza59qXg@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: fr
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/1uybNhFyJ7Q2k75eXc5FYP4fhjQ>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Nov 2017 06:59:15 -0000
Le 14/11/2017 à 07:24, Warren Kumari a écrit : [...] > Nope. We have the legacy SSIDs because some people apparently had > issues connecting to encrypted SSIDs (because of old OS / broken > wpa_supplicant, etc) - this wasn't issue with certs, but rather > providing a solution for those who are unable to do WPA enterprise / > have old cards, etc. Well - sorry, but all these reasons seem light for me. I have Windows 7 which is not old. Updated regularly from Microsoft and from employer IT. The WPA_supplicant comes from original. It is widely accepted at many other hotspots. My laptop is very well able to do WPA enterprise, and WPA2 Enterprise. The laptop is a Dell E7440, 2 or 3 years old. I dont accept to call that old. What makes laptops old is when they break; they often break because of mechanically moving parts like hd, but this one is SSD. Rather, I suspect there is a preference at the Access Point to favorise Macintosh variations of WiFi Clients, rather than Windows. I also wonder why my Windows complains that the cert emmitted by IETF is "not configured as a valid anchor". Should I manually install that cert? If so, that is little reasonable to ask. Alex > There was an assertion made that some people were not using nat64 and > were using ietf-legacy were easier, and so there should be parity, and > so the ietf-nat64-unencrypted was created. > We are changing the name of the ietf-legacyXXX network at each meeting > because we don't people who connected to it at a previous meeting to > become sticky to it and keep joining -- it requires a specific action at > each meeting for the user to choose the unencrypted network -- we'd all > prefer that people use the encrypted network... > > > > And yes, my VPN FortiClient works ok on ietf-nat64-unencrypted. > > > > > Alex > > > > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > ipv6@ietf.org <mailto:ipv6@ietf.org> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > <https://www.ietf.org/mailman/listinfo/ipv6> > -------------------------------------------------------------------- > > > > > -- > I don't think the execution is relevant when it was obviously a bad idea > in the first place. > This is like putting rabid weasels in your pants, and later expressing > regret at having chosen those particular rabid weasels and that pair of > pants. > ---maf
- Re: ESSID ietf-v6only at IETF 100 Suresh Krishnan
- ESSID ietf-v6only at IETF 100 Alexandre Petrescu
- Re: ESSID ietf-v6only at IETF 100 Warren Kumari
- Re: ESSID ietf-v6only at IETF 100 - security Alexandre Petrescu
- Re: ESSID ietf-v6only at IETF 100 - security Brian E Carpenter
- Re: ESSID ietf-v6only at IETF 100 - security Alexandre Petrescu
- Re: ESSID ietf-v6only at IETF 100 - security joel jaeggli
- Re: ESSID ietf-nat64-unencrypted at IETF 100 Alexandre Petrescu