
Re: meeting ietf-legacy ssid

2017-07-13 17:55:09
On 7/12/2017 8:55 PM, Randy Bush wrote:
> defense in depth.  you do what you can on every link and layer.

The problem with a generic cliche like defense in depth is that there is no way to judge what's meaningful and useful and what isn't. Obviously there is defense in depth if I run two anti-virus applications rather than only one? Oh... there isn't?

And the idea that it's best to do what you can at every layer presumably means that we need to put checksums back into IPv6?

On the other hand, the basic question of whether one is /positive/ that all activity is protected by TLS is worth considering (though such coverage was the premise to my original query.)



On 7/12/2017 11:08 PM, joel jaeggli wrote:
> wpa2 enterprise provides forward security, merely using the same
> username and password doesn't provide you with the ability to snoop
> other traffic.

Oh. So a bad actor having the shared key and being able to wiretap the key exchange sequences at the startup of other users doesn't represent a threat? (I'd heard otherwise, but admit to not having researched this carefully.)

And only WPA2 is supported on the IETF net(s)?



d/

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
