Hotel networks (Was Re: Security for the IETF wireless network)

Steve Crocker <steve@shinkuro.com> Fri, 25 July 2014 12:09 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/9DGq0glz7f2bEp6_Aq75jY5nH3M

If we’re going to discuss hotel networks, encryption of the channel is nice to have but there are more serious problems.

o Many hotel networks restrict the ports that can be reached.  This results in an absolute failure for some of us.

o Many hotel networks do not support the full range of options for DNSSEC.

o Many hotel networks have very poor bandwidth and become overloaded when the IETF comes to town.

The meetings team does an excellent job of planning and running the meetings.  They do extensive investigation of each proposed meeting site and they do a stellar job setting up and running the networks at each meeting.  I wish they would also test the hotel networks in advance and report to all of us the limitations we’re likely to encounter.  And, of course, it would be pretty easy for a volunteer group of IETFers to organize a reporting effort too.

Steve





On Jul 25, 2014, at 7:59 AM, George, Wes <wesley.george@twcable.com> wrote:

> Jari, while I support this idea, if I had to prioritize, I'd rather us
> focus on consistently offering *any* secured WiFi option in the hotel
> rooms.
> 
> Here at the Fairmont, for example: ietf-hotel is the only SSID available,
> and it's not secure. Yes, one could use wired, assuming one's widget has
> an ethernet plug, but many now don't.
> 
> I realize that this request is often limited by the host hotel's
> infrastructure, which may or may not support .1x, but even if the best we
> can do is to offer WPA2 with "IETF", or "encryptionFTW" as the password,
> that'd be a great improvement over what we have currently.
> 
> Thanks,
> 
> Wes
> 
> 
> On 7/24/14, 4:38 PM, "IETF Chair" <chair@ietf.org> wrote:
> 
>> While many of us have been working on improved transport and other
>> security mechanisms, I’d like to observe that the default wireless
>> network we are using here in Toronto is unencrypted over the air.  I am
>> not sure how good practice that is. And it is probably not a good example
>> either.
>> 
>> Could we consider making 802.1X the default, for instance, starting in
>> Honolulu meeting? At least in the sense of the ietf SSID providing
>> security and perhaps ietf-nosec providing the current behaviour?
>> 
>> It would also be helpful if you try it now. The two SSIDs, ietf.1x and
>> ietf-a.1x are available now, we recommend you use them and we would
>> appreciate your reporting any problems. The user ID and password are both
>> 'ietf' (sans quotes).
>> 
>> Jari Arkko
>> IETF Chair
>> (with input from some NOC people)
>> 
> 
> 