Re: Security for the IETF wireless network
Brian E Carpenter <brian.e.carpenter@gmail.com> Thu, 24 July 2014 20:58 UTC
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0999B1A035D for <ietf@ietfa.amsl.com>; Thu, 24 Jul 2014 13:58:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eN0tgGjC9WYe for <ietf@ietfa.amsl.com>; Thu, 24 Jul 2014 13:58:02 -0700 (PDT)
Received: from mail-wg0-x22a.google.com (mail-wg0-x22a.google.com [IPv6:2a00:1450:400c:c00::22a]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CF7A31A03BD for <ietf@ietf.org>; Thu, 24 Jul 2014 13:58:01 -0700 (PDT)
Received: by mail-wg0-f42.google.com with SMTP id l18so3299661wgh.25 for <ietf@ietf.org>; Thu, 24 Jul 2014 13:57:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:organization:user-agent:mime-version:to :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=WscjEwlXImCcby2YKLPsEfWv94F+ixW8I2sRoXtMAdI=; b=n6N8iNH3NKxAdGT5msilYKDhC90+MyRdu49gt5Uw048QrK7+omuMhBO1GHC1UR0Q9T PLVOUOGzoTKfA4ept2G9Ya4cMktt5oL0ZIaemxwSM0IsUCFsNRtU8zUxhQpe6zhXuVoQ wMT8hVP0MmCED2QmBnK60+e9bwcwMKOBcr8Aw7yqrjRExRFn+TFEc7ugyz17t53JiD/F C6vxpP6nRS3ceU9jWJnQkDVFM//QEhArKBXWDGxwSrR1vZJ48/PT1jblJpL+Wd3o/WPd iVO5rv0LpCCC1A12OZetO2XaV9+0/Zw35p+344Ttk7BjfzjYOtWyd85fTK2Dd7t3MPbe otKw==
X-Received: by 10.194.83.39 with SMTP id n7mr16193927wjy.58.1406235479360; Thu, 24 Jul 2014 13:57:59 -0700 (PDT)
Received: from [31.133.160.177] (dhcp-a0b1.meeting.ietf.org. [31.133.160.177]) by mx.google.com with ESMTPSA id w6sm18989285wjr.4.2014.07.24.13.57.53 for <ietf@ietf.org> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 24 Jul 2014 13:57:58 -0700 (PDT)
Message-ID: <53D17359.2030505@gmail.com>
Date: Fri, 25 Jul 2014 08:58:01 +1200
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: ietf@ietf.org
Subject: Re: Security for the IETF wireless network
References: <0FE63216-9BE8-450F-80FB-D1DB6166DFEF@ietf.org>
In-Reply-To: <0FE63216-9BE8-450F-80FB-D1DB6166DFEF@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/l0g6hJ0YU76Fokz1U6IVoGMd5Nw
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Jul 2014 20:58:07 -0000
Well, since you had a reply-to to this unmoderated list :-)... This is what I get (Windows 7): Radius Server: services.meeting.ietf.org Root CA: Starfield Class 2 Certification Authority The server "services.meeting.ietf.org" presented a valid certificate issued by "Starfield Class 2 Certification Authority", but "Starfield Class 2 Certification Authority" is not configured as a valid trust anchor for this profile. Further, the server "services.meeting.ietf.org" is not configured as a valid NPS server to connect to for this profile. Regards Brian On 25/07/2014 08:38, IETF Chair wrote: > While many of us have been working on improved transport and other security mechanisms, I’d like to observe that the default wireless network we are using here in Toronto is unencrypted over the air. I am not sure how good practice that is. And it is probably not a good example either. > > Could we consider making 802.1X the default, for instance, starting in Honolulu meeting? At least in the sense of the ietf SSID providing security and perhaps ietf-nosec providing the current behaviour? > > It would also be helpful if you try it now. The two SSIDs, ietf.1x and ietf-a.1x are available now, we recommend you use them and we would appreciate your reporting any problems. The user ID and password are both 'ietf' (sans quotes). > > Jari Arkko > IETF Chair > (with input from some NOC people) > >
- Re: Security for the IETF wireless network Brian E Carpenter
- Re: Security for the IETF wireless network Stefan Winter
- Re: Security for the IETF wireless network George, Wes
- Re: Security for the IETF wireless network George, Wes
- Hotel networks (Was Re: Security for the IETF wir… Steve Crocker
- Re: Security for the IETF wireless network joel jaeggli
- Re: [90all] Security for the IETF wireless network Randall Gellens
- Re: Security for the IETF wireless network Stefan Winter
- Re: Security for the IETF wireless network Tim Wicinski
- Re: [90all] Security for the IETF wireless network Randy Bush
- Re: Hotel networks (Was Re: Security for the IETF… John C Klensin
- Re: Hotel networks (Was Re: Security for the IETF… Steve Crocker
- Re: Hotel networks (Was Re: Security for the IETF… joel jaeggli
- Re: Hotel networks (Was Re: Security for the IETF… Steve Crocker
- Re: Hotel networks (Was Re: Security for the IETF… George Michaelson
- Re: Hotel networks (Was Re: Security for the IETF… John C Klensin
- Re: Hotel networks (Was Re: Security for the IETF… Stefan Winter
- Re: Security for the IETF wireless network Bill Fenner
- Re: Security for the IETF wireless network George Michaelson
- Re: Security for the IETF wireless network Stefan Winter
- Re: Security for the IETF wireless network Brian E Carpenter
- Re: Security for the IETF wireless network Bill Fenner
- Re: Security for the IETF wireless network Bill Fenner
- Re: Security for the IETF wireless network John Levine
- Re: Security for the IETF wireless network Stefan Winter
- Re: Security for the IETF wireless network Stefan Winter
- Re: Hotel networks (Was Re: Security for the IETF… Samuel Weiler
- Re: Hotel networks (Was Re: Security for the IETF… Randall Gellens
- Re: Hotel networks (Was Re: Security for the IETF… Randall Gellens
- Re: Hotel networks (Was Re: Security for the IETF… Niels Dettenbach (Syndicat IT&Internet)
- Re: Hotel networks (Was Re: Security for the IETF… Stefan Winter
- Re: Hotel networks (Was Re: Security for the IETF… Randall Gellens
- Re: Hotel networks (Was Re: Security for the IETF… Randall Gellens
- Re: Hotel networks (Was Re: Security for the IETF… Melinda Shore
- Re: Security for the IETF wireless network Michael Richardson