On Fri, Jul 25, 2014 at 9:11 AM, Stefan Winter
<stefan(_dot_)winter(_at_)restena(_dot_)lu>
wrote:
Hi,
To use 802.1X:
Associate to SSID: ietf.1x OR ietf-a.1x
Use TTLS or PEAP/MSCHAPv2
Do Not Verify Server Cert and we won't verify yours :)
^^^^^^^^^^^^^^^^^^^^^^^^^
I recall some email threads with the NOC about this sentence. It's IMHO
not a message the IETF should promote.
I believe there's a reasonable amount of support for opportunistic
encryption in the IETF.
The desired incremental delta between the "ietf" open SSID and the
"ietf.1x" encrypted SSID is the addition of encryption. The additional
validation of "is this really the IETF" has been a non-goal.
It's appropriate for organizations with different goals to have different
policies.
Bill