On Jan 7, 2016, at 1:11 AM, Mathieu Simon (Lists) <matsimon.lists@simweb.ch> wrote:
By building 3.0 from source I saw that the upcoming 3.0.11 will be actively logging that anonymous identities should be used* to protect identities.
The server will print warning messages in debug mode. It won't log anything to the log files.
So, what is the current take: Would you / Do you (recommend) enforcing the use of an anonymous identity, resulting in Access-Reject?
I do not recommend *enforcing* the use of an anonymous outer identities... until such time as you can be sure it will have minimal impact. As the author of RFC 7542, I believe that all *new* users should use anonymous outer identities. There are good reasons for it, and there are few reasons for using non-anonymous outer identities.
Do most enduser wireless devices finally support setting an anonymous identity these days?
If they don't, they're broken. If you find one which doesn't support outer identities, send a message to the list with the vendor / product / etc. We will publicly shame them. In most cases, I have contacts at the vendor, and can bug them to fix it. If the vendor doesn't *default* to anonymous outer identities, please also tell the list. Alan DeKok.