IETF Logo Mail Archive

Re: Hotel networks (Was Re: Security for the IETF wireless network)

Stefan Winter <stefan.winter@restena.lu> Fri, 25 July 2014 14:11 UTC

Return-Path: <stefan.winter@restena.lu>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4214E1B2828 for <ietf@ietfa.amsl.com>; Fri, 25 Jul 2014 07:11:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, WEIRD_PORT=0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6zkuwreXSoTu for <ietf@ietfa.amsl.com>; Fri, 25 Jul 2014 07:11:17 -0700 (PDT)
Received: from smptrelay.restena.lu (smtprelay.restena.lu [158.64.1.62]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 94F9B1A033A for <ietf@ietf.org>; Fri, 25 Jul 2014 07:10:28 -0700 (PDT)
Received: from [IPv6:2001:a18:1:8:921b:eff:fe1b:d2e7] (unknown [IPv6:2001:a18:1:8:921b:eff:fe1b:d2e7]) by smptrelay.restena.lu (Postfix) with ESMTPS id 6FEA043A7E for <ietf@ietf.org>; Fri, 25 Jul 2014 16:10:27 +0200 (CEST)
Message-ID: <53D26553.60200@restena.lu>
Date: Fri, 25 Jul 2014 16:10:27 +0200
From: Stefan Winter <stefan.winter@restena.lu>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: ietf@ietf.org
Subject: Re: Hotel networks (Was Re: Security for the IETF wireless network)
References: <0FE63216-9BE8-450F-80FB-D1DB6166DFEF@ietf.org> <CFF7BBD1.28A2F%wesley.george@twcable.com> <8B1DA3E3-F195-4CBC-B565-85CAFC31CB1B@shinkuro.com> <3708BC187C6387C727398CBB@JCK-EEE10> <53D25E42.1010903@bogus.com> <4ECAD61D-C3CE-4A6E-B4DE-F3A57EA6601A@shinkuro.com> <CAKr6gn0igB_JwZkkJkTMttQF5+Vuyyimnm3q6mrVh_WrpvOFFw@mail.gmail.com>
In-Reply-To: <CAKr6gn0igB_JwZkkJkTMttQF5+Vuyyimnm3q6mrVh_WrpvOFFw@mail.gmail.com>
X-Enigmail-Version: 1.6
OpenPGP: id=8A39DC66; url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="PQ4Tbvi8qdEAAF73aMCW1iUeg6DD8T94k"
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/A9GsTZzm40HSGuJCOYKGVsf5Trg
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Jul 2014 14:11:19 -0000

Hi,

> I had the 1x as my pref from prior IETF and "it just worked".

Did you ever verify the server cert?

Assuming you didn't (because NOC doesn't tell us what to expect), how do
you know you connected to the IETF network, and not some evil twin who
is able to spell "ietf-1x" correctly in his AP config dialog?

Greetings,

Stefan Winter

> 
> OSX appears to have gone to a place where stop-start on wifi across
> sleep/wake is a pain, but I cannot hold the noc responsible for that.
> Contrariwise, I arrived 2 DAYS before the kick off of 'real' IETF and I
> had IETF backed net almost immediately.
> 
> Well done. Thanks.
> 
> -G
> 
> 
> 
> 
> On Fri, Jul 25, 2014 at 9:43 AM, Steve Crocker <steve@shinkuro.com
> <mailto:steve@shinkuro.com>> wrote:
> 
>     I’m not at this IETF meeting and I’m not referring to the current
>     hotel network.  In the past, I’ve encountered all sorts of
>     restrictions and limitations.  Also, there is often a big difference
>     between the main hotel and the others.  In Maastricht, for example,
>     I stayed at what was apparently a dorm hotel and I could not get
>     access to nonstandard ports, e.g. for SSL protected access to my email.
> 
>     Steve
> 
>     On Jul 25, 2014, at 9:40 AM, joel jaeggli <joelja@bogus.com
>     <mailto:joelja@bogus.com>> wrote:
> 
>>     On 7/25/14, 9:29 AM, John C Klensin wrote:
>>>     Steve,
>>>
>>>     I completely agree with your comment and suggestions (including
>>>     at least knowing hotel network capabilities in advance of
>>>     arrival), but note that at least some of the reason while the
>>>     hotel networks perform so badly under IETF meeting load is that
>>>     many of them are seriously underprovisioned at multiple points.
>>>     If the meetings team were to perform simple tests (that we
>>>     helped design) based on the number of people in that team, they
>>>     would be likely to get good information about capability
>>>     limitations (e.g., ports and options) but would be unlikely to
>>>     get sufficient information about performance under serious load.
>>>     Clearly, we could figure out how to run a load test, but I
>>>     assume it would take a lot of cooperation from the hotel (or
>>>     several hundred of us occupying rooms).
>>
>>     so,
>>
>>     We've taken the hotel's captive portal / nat platform /internet
>>     service
>>     out of the path for the residential network for the week. We do this
>>     where possible, and in cases where we cannot this is typically noted.
>>
>>     While wifi coverage, lre/dsl and internal topology are out of our
>>     control, the hotel network is being served by the the IETF network and
>>     has no restrictions respecting authentication, ports available,
>>     middleboxes and so forth. There is nothing especially interesting to
>>     report there.
>>
>>>     best,
>>>        john
>>>
>>>
>>>     --On Friday, 25 July, 2014 08:09 -0400 Steve Crocker
>>>     <steve@shinkuro.com <mailto:steve@shinkuro.com>> wrote:
>>>
>>>>     If we're going to discuss hotel networks, encryption of the
>>>>     channel is nice to have but there are more serious problems.
>>>>
>>>>     o Many hotel networks restrict the ports that can be reached.
>>>>     This results in an absolute failure for some of us.
>>>>
>>>>     o Many hotel networks do not support the full range of options
>>>>     for DNSSEC.
>>>>
>>>>     o Many hotel networks have very poor bandwidth and become
>>>>     overloaded when the IETF comes to town.
>>>>
>>>>     The meetings team does an excellent job of planning and
>>>>     running the meetings.  They do extensive investigation of each
>>>>     proposed meeting site and they do a stellar job setting up and
>>>>     running the networks at each meeting.  I wish they would also
>>>>     test the hotel networks in advance and report to all of us the
>>>>     limitations we're likely to encounter.  And, of course, it
>>>>     would be pretty easy for a volunteer group of IETFers to
>>>>     organize a reporting effort too.
> 
> 


-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

v2.23.0 | Report a Bug | By Email