On Mar 29, 2022, at 12:53 PM, Michael Richardson <[email protected]> wrote: >> Use the normal SSID. Unauthenticated EAP-TLS. User ID of >> "[email protected]". > > But that could be even worse in many settings! > To do this safely means setting up layer-2 isolation for the device so that > it can't talk to (or attack) any other device (nor be attacked). > > Or do you have some other idea on how to support this?
Layer 2 isolation is the main one. There's also the realization that modern access devices are fairly powerful, and many contain walled gardens / captive portals. It shouldn't be difficult to extend that functionality with basic provisioning methods based on DNS / web. Which the systems already have. Alan DeKok. _______________________________________________ Emu mailing list [email protected] https://www.ietf.org/mailman/listinfo/emu
