Re: ESSID ietf-v6only at IETF 100 - security
joel jaeggli <joelja@bogus.com> Tue, 14 November 2017 07:32 UTC
Return-Path: <joelja@bogus.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 812D0124B18 for <ipv6@ietfa.amsl.com>; Mon, 13 Nov 2017 23:32:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gV3cFr6DvC2O for <ipv6@ietfa.amsl.com>; Mon, 13 Nov 2017 23:32:09 -0800 (PST)
Received: from nagasaki.bogus.com (nagasaki.bogus.com [IPv6:2001:418:1::81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8CDE21294A1 for <ipv6@ietf.org>; Mon, 13 Nov 2017 23:32:06 -0800 (PST)
Received: from dhcp-88cf.meeting.ietf.org (dhcp-88cf.meeting.ietf.org [31.133.136.207]) (authenticated bits=0) by nagasaki.bogus.com (8.15.2/8.15.2) with ESMTPSA id vAE7W223030901 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT); Tue, 14 Nov 2017 07:32:04 GMT (envelope-from joelja@bogus.com)
Subject: Re: ESSID ietf-v6only at IETF 100 - security
To: Alexandre Petrescu <alexandre.petrescu@gmail.com>, Warren Kumari <warren@kumari.net>
Cc: IPv6 <ipv6@ietf.org>
References: <acd854c7-8bd2-781e-6d0d-b15bb62c48e2@gmail.com> <CAHw9_iKoYrfuf_UjBeVw+=cCD9Kuc4+zPPsR1kqrxAAza59qXg@mail.gmail.com> <88d14301-f417-da89-a526-954f44149af8@gmail.com>
From: joel jaeggli <joelja@bogus.com>
Message-ID: <15e70479-ea25-6031-dec6-01189a233a37@bogus.com>
Date: Tue, 14 Nov 2017 15:31:28 +0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:56.0) Gecko/20100101 Thunderbird/56.0
MIME-Version: 1.0
In-Reply-To: <88d14301-f417-da89-a526-954f44149af8@gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/QbLuB3qgE_43NuiwoQXpfTHVEJs>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Nov 2017 07:32:10 -0000
On 11/14/17 14:59, Alexandre Petrescu wrote: > > > Le 14/11/2017 à 07:24, Warren Kumari a écrit : > [...] > >> Nope. We have the legacy SSIDs because some people apparently had >> issues connecting to encrypted SSIDs (because of old OS / broken >> wpa_supplicant, etc) - this wasn't issue with certs, but rather >> providing a solution for those who are unable to do WPA enterprise / >> have old cards, etc. > > Well - sorry, but all these reasons seem light for me. > > I have Windows 7 which is not old. Updated regularly from Microsoft and > from employer IT. Mainstream support ended January 13, 2015. It works, if you were looking for a more streamlined experience, the user experience has improved a bit since then, it has not been backported. > The WPA_supplicant comes from original. It is widely accepted at many > other hotspots. > > My laptop is very well able to do WPA enterprise, and WPA2 Enterprise. > > The laptop is a Dell E7440, 2 or 3 years old. I dont accept to call > that old. What makes laptops old is when they break; they often break > because of mechanically moving parts like hd, but this one is SSD. > > Rather, I suspect there is a preference at the Access Point to favorise > Macintosh variations of WiFi Clients, rather than Windows. There's no obvious basis for that assertion. > I also wonder why my Windows complains that the cert emmitted by IETF is > "not configured as a valid anchor". Should I manually install that > cert? If so, that is little reasonable to ask. https://tickets.meeting.ietf.org/wiki/IETF100network https://802.1x-config.org/?idp=137&profile=101 > Alex > >> There was an assertion made that some people were not using nat64 >> and were using ietf-legacy were easier, and so there should be parity, >> and so the ietf-nat64-unencrypted was created. >> We are changing the name of the ietf-legacyXXX network at each meeting >> because we don't people who connected to it at a previous meeting to >> become sticky to it and keep joining -- it requires a specific action >> at each meeting for the user to choose the unencrypted network -- we'd >> all prefer that people use the encrypted network... >> >> >> >> And yes, my VPN FortiClient works ok on ietf-nat64-unencrypted. >> >> >> >> >> Alex >> >> >> >> -------------------------------------------------------------------- >> IETF IPv6 working group mailing list >> ipv6@ietf.org <mailto:ipv6@ietf.org> >> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 >> <https://www.ietf.org/mailman/listinfo/ipv6> >> -------------------------------------------------------------------- >> >> >> >> >> -- >> I don't think the execution is relevant when it was obviously a bad >> idea in the first place. >> This is like putting rabid weasels in your pants, and later expressing >> regret at having chosen those particular rabid weasels and that pair >> of pants. >> ---maf > > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > ipv6@ietf.org > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > -------------------------------------------------------------------- >
- Re: ESSID ietf-v6only at IETF 100 Suresh Krishnan
- ESSID ietf-v6only at IETF 100 Alexandre Petrescu
- Re: ESSID ietf-v6only at IETF 100 Warren Kumari
- Re: ESSID ietf-v6only at IETF 100 - security Alexandre Petrescu
- Re: ESSID ietf-v6only at IETF 100 - security Brian E Carpenter
- Re: ESSID ietf-v6only at IETF 100 - security Alexandre Petrescu
- Re: ESSID ietf-v6only at IETF 100 - security joel jaeggli
- Re: ESSID ietf-nat64-unencrypted at IETF 100 Alexandre Petrescu