
Re: Security for the IETF wireless network

2014-07-25 09:37:09
On Fri, Jul 25, 2014 at 10:23 AM, Brian E Carpenter <brian(_dot_)e(_dot_)carpenter(_at_)gmail(_dot_)com> wrote:

> On 26/07/2014 02:12, Bill Fenner wrote:
>> On Fri, Jul 25, 2014 at 9:11 AM, Stefan Winter <stefan(_dot_)winter(_at_)restena(_dot_)lu> wrote:
>>
>>> Hi,
>>>
>>>> To use 802.1X:
>>>>
>>>> Associate to SSID: ietf.1x OR ietf-a.1x
>>>> Use TTLS or PEAP/MSCHAPv2
>>>> Do Not Verify Server Cert and we won't verify yours :)
>>>  ^^^^^^^^^^^^^^^^^^^^^^^^^
>>> I recall some email threads with the NOC about this sentence. It's IMHO
>>> not a message the IETF should promote.
>>
>> I believe there's a reasonable amount of support for opportunistic
>> encryption in the IETF.
>>
>> The desired incremental delta between the "ietf" open SSID and the
>> "ietf.1x" encrypted SSID is the addition of encryption.  The additional
>> validation of "is this really the IETF" has been a non-goal.
>
> Fair enough. But that doesn't change the fact that my box doesn't
> work that way by default and apparently I have to find out how
> to override it. Being human, I reverted to the unencrypted network
> instead.

Sorry, I assumed that this was just an annoying dialog and there was a
checkbox for "do it anyway".  We will have to find a way to manage the
usability on Windows, whether that means "buy a cert from someone who is in
Microsoft's default trust list too" or "provide instructions for Windows
users" or what.

  Bill