Many places have problems with OSCP... they don't let users that join the portal
check for the OCSP validity (forget to allow for this in firewall) of the
portal's certificate. That will make some OSes that
don't automatically switch to CRL fail.
Or worse, certificate providers change the IP
On our captive portal we just run a cron job once a day to pull the
latest OCSP IP addresses to be whitelisted, and never have had a problem
with SSL.
Dale
Thus spake Hanset, Philippe C (phan...@utk.edu) on Mon, Dec 02, 2013 at
06:58:24PM +:
Many places have problems with OSCP... they
On 19 Nov 2013, at 21:00, Ken LeCompte lecom...@oit.rutgers.edu wrote:
One major consideration is that the use of https for more and more webpages
is resulting in more confused users not getting redirected to captive portal
login pages.
A workaround for some devices would be to to add a
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.1x vs web-portal
List seems to sum it up pretty well.
I think user wise dot1x is better ... once setup. So while it may be more
of a pain to configure for some users, once configured the experience is much
better as they walk
, 2013 9:22 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.1x vs web-portal
I can tell you we use dot1x here with AD credentials and it doesn't lend itself
to a good end-user experience. Our security policy requires password expiration
after 60 days. When a student's
20, 2013 1:30 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.1x vs web-portal
List seems to sum it up pretty well.
I think user wise dot1x is better ... once setup. So while it may be more
of a pain to configure for some users, once configured the experience is much
Sent: 20-11-2013, 14:22
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.1x vs web-portal
I can tell you we use dot1x here with AD credentials and it doesn't lend
itself to a good end-user experience. Our security policy requires password
expiration after 60 days. When
@LISTSERV.EDUCAUSE.EDU] on behalf of Coehoorn, Joel
[jcoeho...@york.edu]
Sent: Wednesday, November 20, 2013 9:24 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.1x vs web-portal
rantWhat I really want to provide is an HTTPS-like experience for my users
that just works: an SSL layer
supplicant issue though? You can send back a
reason for authfailure, and then the client could prompt for a replacement
password.
--
ian
-Original Message-
From: Fleming, Tony
Sent: 20-11-2013, 14:22
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.1x vs web-portal
Of Jason Cook
Sent: Wednesday, November 20, 2013 1:30 AM
To:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.1x vs web-portal
List seems to sum it up pretty well.
I think user wise dot1x is better ... once setup. So while it may
] on behalf of Coehoorn, Joel
[jcoeho...@york.edu]
Sent: Wednesday, November 20, 2013 9:24 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.1x vs web-portal
rantWhat I really want to provide is an HTTPS-like experience for my users
that just works: an SSL layer
-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Curtis, Bruce
Sent: Wednesday, November 20, 2013 3:05 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.1x vs web-portal
On Nov
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.1x vs web-portal
My problem with these approaches is their proprietary nature. I wonder how
this has been addressed/discussed in the IEEE groups...
Ryan H Turner
Senior Network Engineer
The University of North Carolina at Chapel
Of Turner, Ryan H
Sent: Wednesday, November 20, 2013 3:16 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.1x vs web-portal
My problem with these approaches is their proprietary nature. I wonder
how this has been addressed/discussed in the IEEE groups...
Ryan H Turner
: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H
Sent: Wednesday, November 20, 2013 3:16 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.1x vs web-portal
My problem with these approaches
One major consideration is that the use of https for more and more webpages is
resulting in more confused users not getting redirected to captive portal login
pages. There is also the more obvious issue that client data is not encrypted
over the air, although you could argue that more and more
Subject: Re: [WIRELESS-LAN] 802.1x vs web-portal
One major consideration is that the use of https for more and more webpages is
resulting in more confused users not getting redirected to captive portal login
pages. There is also the more obvious issue that client data is not encrypted
over the air
On 11/19/2013 4:05 PM, Peter P Morrissey wrote:
Can anyone name an application that does not have strong encryption?
I'm not arguing against 802.1x, because it works very well for us as users
don't have to authenticate constantly on a portal, and we seem to do a very
good job getting them
Subject: Re: [WIRELESS-LAN] 802.1x vs web-portal
One major consideration is that the use of https for more and more webpages is
resulting in more confused users not getting redirected to captive portal login
pages. There is also the more obvious issue that client data is not encrypted
over the air
On Nov 19, 2013, at 15:05 , Peter P Morrissey ppmor...@syr.edu
wrote:
Can anyone name an application that does not have strong encryption?
Does not have strong encryption != Strong encryption is in use by default
DNS springs to mind.
Heck, just leave tcpdump running when you wake a
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ken LeCompte
Sent: Tuesday, November 19, 2013 4:00 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.1x vs web-portal
One major consideration is that the use of https for more and more webpages
is resulting
from the top of my head...
###What's bad for the user:
-Captive portal: no encryption over the air, pesky re-authentication and
timeouts, no authentication of the infrastructure
(yes, when you accept that SSL Cert from RADIUS you actually authenticate the
infrastructure)
-802.1X: finicky
We use 802.1x to do machine auth on equipment that we own and that is in
the domain. We use Group Policy to push all of the settings. We have auth
type set to 'user or computer' once the user logs on it flips to user
auth. Its really cool because NAC will give the computer a 'Computer'
policy
: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hanset, Philippe C
Sent: Wednesday, 20 November 2013 9:56 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] 802.1x vs web-portal
from the top of my head...
###What's bad
24 matches
Mail list logo