[92all] IETF Wireless Network Changes
Chris Elliott <chelliot@pobox.com> Thu, 19 March 2015 21:03 UTC
Return-Path: <chelliot@gmail.com>
X-Original-To: 92all@ietfa.amsl.com
Delivered-To: 92all@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1FE0C1ACEBD for <92all@ietfa.amsl.com>; Thu, 19 Mar 2015 14:03:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.077
X-Spam-Level:
X-Spam-Status: No, score=-0.077 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, J_CHICKENPOX_12=0.6, J_CHICKENPOX_21=0.6, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LHIUmCLeQ5R7 for <92all@ietfa.amsl.com>; Thu, 19 Mar 2015 14:03:40 -0700 (PDT)
Received: from mail-oi0-x229.google.com (mail-oi0-x229.google.com [IPv6:2607:f8b0:4003:c06::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8BB321ACECF for <92all@ietf.org>; Thu, 19 Mar 2015 14:03:40 -0700 (PDT)
Received: by oifl3 with SMTP id l3so45753756oif.0 for <92all@ietf.org>; Thu, 19 Mar 2015 14:03:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:reply-to:sender:from:date:message-id:subject:to :content-type; bh=rGo1jnuFx9sbX1qlJxcfJ+Umpq3sWZWQiHgFn8RoDuI=; b=VA6c/mPL1F5mPXO4EbJEC5sQaWdERs9XMFj0AXAX4U/WQ0Q+y+YfmnnR35C+NfOMod Q8t0N7F4M74hi2haAYw8UaOqZgiMkSNwkFWlBLaMKxes8ZBod1xLDFmc+6tpj13yvU+f Vz2lnXjXM1O8M9TOMGDh7QWFZ90WKjFJeBF/yLeo9a+p+lT53UbiXrFka3ZgCc/8rfi8 2iM5f2VSnVFtZRtnDPSFulSSMG8kxkSaaZcNuNU4ts9awtyCZW9HkUKiGlzBKpAiljvh crXZiJIH2G4RWlxb5yP/LJ4mVFNJefMJLOwKMPHWEvS9HnTpA3clLK6tk+oYxNqySdnj +sJw==
X-Received: by 10.202.208.22 with SMTP id h22mr5760649oig.78.1426799020002; Thu, 19 Mar 2015 14:03:40 -0700 (PDT)
MIME-Version: 1.0
Sender: chelliot@gmail.com
Received: by 10.182.207.37 with HTTP; Thu, 19 Mar 2015 14:03:19 -0700 (PDT)
From: Chris Elliott <chelliot@pobox.com>
Date: Thu, 19 Mar 2015 16:03:19 -0500
X-Google-Sender-Auth: 0HfqAWOz-JK8lax-4kftqGt7Pdw
Message-ID: <CAO_Rpc+0yr3B7Qs4OMkKxyXzx9shwKm9BmTD3J0qxUS78P=eGg@mail.gmail.com>
To: 92all@ietf.org
Content-Type: multipart/alternative; boundary="001a113df1eec0d4850511aa88d8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/92all/jp_j2da_nas11-qhqDD3rpMPhuE>
X-Mailman-Approved-At: Thu, 19 Mar 2015 14:33:25 -0700
Subject: [92all] IETF Wireless Network Changes
X-BeenThere: 92all@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: chelliot@pobox.com
List-Id: "Mailing list of all 92 allfor official communication." <92all.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/92all>, <mailto:92all-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/92all/>
List-Post: <mailto:92all@ietf.org>
List-Help: <mailto:92all-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/92all>, <mailto:92all-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Mar 2015 21:03:43 -0000
All, The NOC team, after much discussion, has deployed some changes (we hope improvements…) to the IETF 92 network. More details below, but in short: the main “ietf” wireless network is now encrypted; when prompted for credentials, enter ietf for both the username and password. These changes are designed to: - improve wireless performance, - further encourage the use of the 5Ghz wireless spectrum, - encourage the use of layer 2 encryption, and yet, - provide access for older devices and those that don’t desire layer 2 encryption. We will be carefully monitoring the networks and, if issues are found, we will take appropriate action. We encourage you to send feedback and suggestions (noc@ietf.org) As this is the IETF, we expect to receive many conflicting suggestions. The NOC team is ultimately responsible for bringing a network that works for all IETF attendees, and we will be evaluating suggestions for possible inclusion at future meetings. Here’s a quick summary of the new network layout: SSID Description Encrypted Frequencies IP versions ietf The “default” ietf network yes 5Ghz only v4 and v6 ietf-legacy A network for legacy and unencrypted use no 2.4 and 5Ghz v4 and v6 ietf-2.4ONLY An encrypted network for 2.4Ghz users yes 2.4Ghz only v4 and v6 ietf-v6ONLY For users wanting a pure IPv6 yes 5Ghz only v6 only ietf-nat64 For users that want to only use a IPv6 stack, yet be able to reach some IPv4 resources yes 5Ghz only v6 with access to some v4 resources through NAT64 and DNS64 eduroam For educational users, authenticated against their home institution yes 2.4 and 5Ghz v4 and v6 ietf-hotel A network over the hotel infrastructure with no filtering and utilizing the IETF uplinks no 2.4 and (some locations) 5Ghz v4 and v6 All networks marked as encrypted will offer layer 2 security. This is done using WPA enterprise with 802.1X (PEAP or TTLS) authentication and AES or TKIP encryption. As usual, we are all using the same credentials (user “ietf”, password “ietf”), yet each user will get unique session encryption keys. Our Radius authentication servers use a certificate that you can verify by going to this page: https://www.ietf.org/registration/MeetingWiki/wiki/92net. The “ietf” SSID (the closest thing we have to a “default” wireless network) now only will be seen on the 5Ghz spectrum. This network is also now encrypted. The new “ietf-legacy” SSID will be open (no authentication or encryption) and available on both 2.4 and 5Ghz channels. This network is primarily designed for users of older (“legacy”) devices, but can be used by anyone for any reason. Obviously, there will be no layer 2 security. The “ietf-2.4ONLY” SSID will allow you to select the 2.4Ghz band yet get an encrypted connection. This will be useful for those with devices that support only 2.4Ghz and those that have some issue with the 5Ghz network configuration. The only changes to the “ietf-v6ONLY” and “ietf-nat64” SSIDs are the addition of encryption and the restriction to just the 5Ghz frequencies. While we’d like all attendees to use these SSIDs, we also improve the performance of the 2.4Ghz channels by reducing the number of SSID announcements. In addition, the majority of users of these networks have been doing so from 5Ghz-capable devices. “eduroam” hasn’t changed. Those of you that will be using it will already be aware of it. And, finally, the “ietf-hotel” SSID uses the hotel network infrastructure, yet the uplink is ours. This will give an improved experience for IETF users in their rooms and public spaces around the hotel not covered by the IETF wireless network. Note that, as we don’t control this network, we will need to work with the hotel to resolve any issues found. As a little background, we (the IETF) have discussed the layout of wireless networks here at the IETF several times over the last few years, most recently in a thread Jari Arkko started on the ietf-announce list, with followups on the ietf list, July 24th of last summer [1]. In addition, we (the IETF/IAB and I* things) have published several items in this space, including BCP 188 [2] and the IAB Statement on Internet Confidentiality [3]. After careful analysis and testing, the NOC team is now able to deploy changes in keeping with the above to the IETF 92 network. [1] “Security for the IETF wireless network“ http://www.ietf.org/mail-archive/web/ietf-announce/current/msg13073.html https://www.ietf.org/mail-archive/web/ietf/current/msg88796.html [2] “Pervasive Monitoring Is an Attack“ BCP 188, RFC 7258 https://tools.ietf.org/html/bcp188 [3] “IAB Statement on Internet Confidentiality“ https://www.iab.org/documents/correspondence-reports-documents/2014-2/iab-statement-on-internet-confidentiality/ “The IAB now believes it is important for protocol designers, developers, and operators to make encryption the norm for Internet traffic. Encryption should be authenticated where possible, but even protocols providing confidentiality without authentication are useful in the face of pervasive surveillance as described in RFC 7258.” -- Chris Elliott chelliot@pobox.com "What the f*ck is a sesame? It's a street...it's a way to open sh*t!" --Mitch Hedberg
- [92all] IETF Wireless Network Changes Chris Elliott