Re: ESSID ietf-v6only at IETF 100

Warren Kumari <warren@kumari.net> Tue, 14 November 2017 06:24 UTC

In-Reply-To: <acd854c7-8bd2-781e-6d0d-b15bb62c48e2@gmail.com>
References: <acd854c7-8bd2-781e-6d0d-b15bb62c48e2@gmail.com>
From: Warren Kumari <warren@kumari.net>
Date: Tue, 14 Nov 2017 14:24:10 +0800
Message-ID: <CAHw9_iKoYrfuf_UjBeVw+=cCD9Kuc4+zPPsR1kqrxAAza59qXg@mail.gmail.com>
Subject: Re: ESSID ietf-v6only at IETF 100
To: Alexandre Petrescu <alexandre.petrescu@gmail.com>
Cc: IPv6 <ipv6@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/UHd1r7en-Vvo8uwFjwC91tlAqjc>
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>

On Tue, Nov 14, 2017 at 2:03 PM, Alexandre Petrescu <
alexandre.petrescu@gmail.com> wrote:

> Hi,
>
> I have problems connecting to the IPv6-only ESSID "ietf-v6only".
>
> It is a problem of certificates.
>
> I have this problem on Windows since several IETF meetings; it may not be
> related in particular to IPv6.
>
> The message in the window below says: "The server
> services.meeting.ietf.org presented a certificate valid emitted by
> Starfield CA, but that is not configured as a valid anchor to approve this
> profile".
>
> I don't have this kind of certification refusal problem on ietf-legacy100
> ESSID (and all earlier ietf-legacy), neither on ietf-nat64-unencrypted.
>

That's because the legacy (and unencrypted) SSIDs are unencrypted and you
don't need to talk to a RADIUS server (which presents the certificate).



> This ietf-nat64-unencrypted is now appearing first time at IETF.  I
> suppose people realized there was a problem with certs and created an
> 'unencrypted' version.  That's not a best practice to fix security :-)
>

Nope. We have the legacy SSIDs because some people apparently had issues
connecting to encrypted SSIDs (because of old OS / broken wpa_supplicant,
etc) - this wasn't an issue with certs, but rather providing a solution for
those who are unable to do WPA enterprise / have old cards, etc.
There was an assertion made that some people were not using nat64 and were
using ietf-legacy were easier, and so there should be parity, and so the
ietf-nat64-unencrypted was created.
We are changing the name of the ietf-legacyXXX network at each meeting
because we don't want people who connected to it at a previous meeting to become
sticky to it and keep joining -- it requires a specific action at each
meeting for the user to choose the unencrypted network -- we'd all prefer
that people use the encrypted network...





> And yes, my VPN FortiClient works ok on ietf-nat64-unencrypted.
>
>
>
>
> Alex
>


-- 
I don't think the execution is relevant when it was obviously a bad idea in
the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair of
pants.
   ---maf