Re: Admission Control to the IETF 78 and IETF 79 Networks
Phillip Hallam-Baker <hallam@gmail.com> Sat, 24 July 2010 18:37 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6CC3B3A6814; Sat, 24 Jul 2010 11:37:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.995
X-Spam-Level:
X-Spam-Status: No, score=-1.995 tagged_above=-999 required=5 tests=[AWL=0.604, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CZunwWPjgGyV; Sat, 24 Jul 2010 11:37:13 -0700 (PDT)
Received: from mail-iw0-f172.google.com (mail-iw0-f172.google.com [209.85.214.172]) by core3.amsl.com (Postfix) with ESMTP id C86F03A6887; Sat, 24 Jul 2010 11:37:12 -0700 (PDT)
Received: by iwn38 with SMTP id 38so1468711iwn.31 for <multiple recipients>; Sat, 24 Jul 2010 11:37:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=aGahvssL+Hmo4Eop0ORWqhG4nWQSF1HcKYHddmK8wlU=; b=osZ3NUsH54K07QbUtpFRQQuviVSLLpsZj3otnRcVf2AXCsnwXzj03Imsnh21lfATWZ flEeNH9w8X9HHX8H4FAW699N79ChDU3KtOAg5NyHvfb0qXlozGyK+VueEU0WK9chciDr krjQeN0zp0mb6//E4fEkDEF2mpB2lVwzwdbMo=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=LemMhkEAUkNMxiO5UIpg3hlUYwMmW8TU/KUASiNylrQuFXjQaqtMC+IHxaCaV5IM2V 231c9v7yVuOis8OYTZsdY3k0kl9tifPvPq3/iFOdFJ27I2/3RfnL/aYOZNF2dTa3mNgC YgKvTnUUyoLa6wc4WanhLs7hBCPY/tCi600jY=
MIME-Version: 1.0
Received: by 10.231.182.204 with SMTP id cd12mr5891497ibb.101.1279996651512; Sat, 24 Jul 2010 11:37:31 -0700 (PDT)
Received: by 10.231.10.76 with HTTP; Sat, 24 Jul 2010 11:37:31 -0700 (PDT)
In-Reply-To: <4C4AE85A.7070308@ietf.org>
References: <CFB08C07-DE90-47BE-ADFF-FC72162BBFA1@daedelus.com> <4C2BBD51.2060605@ietf.org> <4C4AE85A.7070308@ietf.org>
Date: Sat, 24 Jul 2010 14:37:31 -0400
Message-ID: <AANLkTi=5Y9H1rBN=xVi0cbEwYZ+-RWYynDz-ycw-QSDS@mail.gmail.com>
Subject: Re: Admission Control to the IETF 78 and IETF 79 Networks
From: Phillip Hallam-Baker <hallam@gmail.com>
To: IETF Chair <chair@ietf.org>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailman-Approved-At: Tue, 27 Jul 2010 23:31:16 -0700
Cc: 78all@ietf.org, IETF <ietf@ietf.org>, IETF Announce <ietf-announce@ietf.org>, IESG <iesg@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 24 Jul 2010 18:37:15 -0000
Any chance of a link to specs showing how it is done? Might be something that maybe deserves to see wider use. On Sat, Jul 24, 2010 at 9:19 AM, IETF Chair <chair@ietf.org> wrote: > eduroam (education roaming) is the secure, world-wide roaming access > service developed for the international research and education > community. eduroam allows students, researchers and staff from > participating institutions to obtain Internet connectivity across campus > and when visiting other participating institutions by simply opening > their laptop. Since we expect a reasonable attendance at IETF from > eduroam-connected sites, IETF participants with an eduroam account > configured, should get connected to the wireless network right away with > their usual credentials. > > Enjoy, > Russ > > On 6/30/2010 5:55 PM, IETF Chair wrote: >> I am writing to let you know about a change in the IETF meeting network. >> At IETF 79 in Beijing, the IETF network will be connected to the open >> Internet with absolutely no filtering. However, we have agreed with our >> hosts that only IETF meeting participants will have access to the >> network. Following sound engineering practices, we will deploy >> admission control mechanisms as part of the IETF 78 meeting network in >> Maastricht to ensure that they are working properly before they are >> mission critical. >> >> I am writing to let you know what to expect in both Maastricht and Beijing. >> >> >> ADMISSION CONTROL CREDENTIALS >> >> To gain access to the IETF network, you will need to provide a >> credential. Your primary credential will be your registration ID. You >> can find your registration ID on the registration web page, in the >> response email confirmation you received from the Secretariat, on your >> payment receipt, and on the back of your IETF meeting badge. Your >> Registration ID will be your user name, and it will be used with a >> password that will be provided at a later date. This same password will >> be used by all attendees. >> >> We recognize that IETF 78 registration IDs are very easy to guess. We >> expect to use less easily guessed registration IDs for IETF 79. >> >> If for any reason you are uncomfortable using your Registration ID, >> there will be a supply of completely anonymous Registration ID/Password >> pairs on slips of paper available at the help desk and registration >> desk. You will be asked to show an IETF meeting badge to ensure that >> slips are only provided to registered meeting attendees. >> >> Each set of credentials will allow up to three separate MAC addresses on >> the network, allowing attendees to use the same credential for their >> laptop, phone, or other devices. The limit is to prevent the leak of a >> single credential from undermining the entire system. >> >> >> GAINING ACCESS TO THE NETWORK >> >> The primary mechanism to gain access to the wireless network will be >> either the "ietf.1x" or "ietf-a.1x" SSID. These will be configured with >> WPA1 and WPA2 Enterprise. You simply provide your credentials to your >> supplicant software for authentication to the network. I personally >> encourage you to use WPA2 over WPA1 if your software and hardware >> support both. >> >> If your software does not support WPA Enterprise, you can use the >> captive portal. To use this portal, associate with either the >> "ietf-portal" or "ietf-a-portal" SSID. Upon initial connection, >> Internet connectivity will be blocked. Simply open a browser and go to >> any web site, just like many hotel networks, and you will be redirected >> to a portal page where you can enter your credentials. Once the >> credentials are validated, your MAC address will have unrestricted >> access to the network for some period of time. The portal page will >> also have links to the internal wiki page with helpful information as >> well as a way to create trouble tickets prior to authentication. >> >> If your small devices does not support WPA Enterprise and does not have >> a browser, then you will be able to visit the help desk and register the >> device MAC address for access to the network. If you need to register >> your device, please know the MAC address of your device before you show >> up at the help desk. >> >> >> FALLBACK PLAN >> >> Implementing this plan at IETF 78 in Maastricht is important, but >> obviously not without risk. The IEEE 802.1X-based access mechanisms >> have been well tested at previous meetings, and this mechanism is not >> likely to be a source of trouble. The captive portal, however, is a >> greater unknown. Please use the WPA SSIDs if at all possible to reduce >> the load on the portal machines. If the portals do experience problems, >> the NOC team will implement a backup plan. The backup plan will only be >> used as a last resort as the backup plan will not be an option at IETF >> 79 in Beijing. >> >> >> Safe Travel and Best Wishes, >> Russ Housley >> IETF Chair >> >> _______________________________________________ >> Ietf mailing list >> Ietf@ietf.org >> https://www.ietf.org/mailman/listinfo/ietf >> > _______________________________________________ > Ietf mailing list > Ietf@ietf.org > https://www.ietf.org/mailman/listinfo/ietf > -- Website: http://hallambaker.com/
- Re: Admission Control to the IETF 78 and IETF 79 … Martin Rex
- Admission Control to the IETF 78 and IETF 79 Netw… IETF Chair
- Re: Admission Control to the IETF 78 and IETF 79 … SM
- Re: Admission Control to the IETF 78 and IETF 79 … Fred Baker
- Re: Admission Control to the IETF 78 and IETF 79 … Olivier MJ Crepin-Leblond
- Re: Admission Control to the IETF 78 and IETF 79 … Dave CROCKER
- Re: Admission Control to the IETF 78 and IETF 79 … Andrew Sullivan
- Re: Admission Control to the IETF 78 and IETF 79 … Richard L. Barnes
- Re: Admission Control to the IETF 78 and IETF 79 … Ole Jacobsen
- Re: Admission Control to the IETF 78 and IETF 79 … Joel Jaeggli
- Re: Admission Control to the IETF 78 and IETF 79 … Marshall Eubanks
- Re: Admission Control to the IETF 78 and IETF 79 … Andrew Sullivan
- Re: Admission Control to the IETF 78 and IETF 79 … Iljitsch van Beijnum
- Re: Admission Control to the IETF 78 and IETF 79 … Ted Hardie
- Re: Admission Control to the IETF 78 and IETF 79 … Russ Housley
- Re: Admission Control to the IETF 78 and IETF 79 … Richard L. Barnes
- Re: Admission Control to the IETF 78 and IETF 79 … Russ Housley
- Re: Admission Control to the IETF 78 and IETF 79 … Russ Housley
- Re: Admission Control to the IETF 78 and IETF 79 … Russ Housley
- Re: Admission Control to the IETF 78 and IETF 79 … Richard L. Barnes
- Re: Admission Control to the IETF 78 and IETF 79 … Iljitsch van Beijnum
- Re: Admission Control to the IETF 78 and IETF 79 … Russ Housley
- Re: Admission Control to the IETF 78 and IETF 79 … David Conrad
- Re: Admission Control to the IETF 78 and IETF 79 … Joel Jaeggli
- Re: Admission Control to the IETF 78 and IETF 79 … Randy Bush
- Re: Admission Control to the IETF 78 and IETF 79 … Randy Bush
- Re: Admission Control to the IETF 78 and IETF 79 … Randy Bush
- Re: Admission Control to the IETF 78 and IETF 79 … Martin Rex
- Re: Admission Control to the IETF 78 and IETF 79 … Randy Bush
- Re: Admission Control to the IETF 78 and IETF 79 … John C Klensin
- Re: Admission Control to the IETF 78 and IETF 79 … Ole Jacobsen
- Re: Admission Control to the IETF 78 and IETF 79 … Russ Housley
- Re: Admission Control to the IETF 78 and IETF 79 … Michael StJohns
- Re: Admission Control to the IETF 78 and IETF 79 … Randy Bush
- Re: Admission Control to the IETF 78 and IETF 79 … Russ Housley
- Re: Admission Control to the IETF 78 and IETF 79 … Russ Housley
- free internet for ieters only Health
- Re: Admission Control to the IETF 78 and IETF 79 … Robert Moskowitz
- Re: Admission Control to the IETF 78 and IETF 79 … Douglas Otis
- Re: Admission Control to the IETF 78 and IETF 79 … SM
- Re: Admission Control to the IETF 78 and IETF 79 … Ole Jacobsen
- Re: Admission Control to the IETF 78 and IETF 79 … Bob Hinden
- Re: Admission Control to the IETF 78 and IETF 79 … Phillip Hallam-Baker
- Re: Admission Control to the IETF 78 and IETF 79 … SM
- Re: Admission Control to the IETF 78 and IETF 79 … Iljitsch van Beijnum
- Re: Admission Control to the IETF 78 and IETF 79 … Andrew G. Malis
- Re: Admission Control to the IETF 78 and IETF 79 … Marocco Enrico
- Re: Admission Control to the IETF 78 and IETF 79 … Ole Jacobsen
- Re: Admission Control to the IETF 78 and IETF 79 … Marocco Enrico
- Re: Admission Control to the IETF 78 and IETF 79 … Joel Jaeggli
- Re: Admission Control to the IETF 78 and IETF 79 … Phillip Hallam-Baker
- Re: Admission Control to the IETF 78 and IETF 79 … Chris Elliott
- Re: Admission Control to the IETF 78 and IETF 79 … tytso
- Re: Admission Control to the IETF 78 and IETF 79 … Mark Atwood
- Re: Admission Control to the IETF 78 and IETF 79 … Chris Elliott
- Re: Admission Control to the IETF 78 and IETF 79 … joel jaeggli
- Re: Admission Control to the IETF 78 and IETF 79 … Phillip Hallam-Baker
- Re: Admission Control to the IETF 78 and IETF 79 … Chris Elliott
- Re: Admission Control to the IETF 78 and IETF 79 … Chris Elliott
- Re: Admission Control to the IETF 78 and IETF 79 … Martin Rex
- Re: Admission Control to the IETF 78 and IETF 79 … Chris Elliott
- Re: Admission Control to the IETF 78 and IETF 79 … Douglas Otis
- Re: Admission Control to the IETF 78 and IETF 79 … Donald Eastlake
- Re: Admission Control to the IETF 78 and IETF 79 … Phillip Hallam-Baker
- Re: Admission Control to the IETF 78 and IETF 79 … Phillip Hallam-Baker
- Re: Admission Control to the IETF 78 and IETF 79 … Phillip Hallam-Baker
- Re: Admission Control to the IETF 78 and IETF 79 … Phillip Hallam-Baker
- Re: Admission Control to the IETF 78 and IETF 79 … Iljitsch van Beijnum
- Re: Admission Control to the IETF 78 and IETF 79 … Iljitsch van Beijnum
- Re: Admission Control to the IETF 78 and IETF 79 … IETF Chair
- RE: Admission Control to the IETF 78 and IETF 79 … Josh Howlett
- Re: Admission Control to the IETF 78 and IETF 79 … Phillip Hallam-Baker