Re: Back to authentication on the IETF network

todd glassey <tglassey@earthlink.net> Mon, 12 July 2010 20:47 UTC

Message-ID: <4C3B7F89.8010702@earthlink.net>
Date: Mon, 12 Jul 2010 13:48:09 -0700
From: todd glassey <tglassey@earthlink.net>
To: ietf@ietf.org
Subject: Re: Back to authentication on the IETF network
References: <AANLkTin0k3fwK3tOMJZ5XhWiKbYWu9t34JCHsloyXPuQ@mail.gmail.com> <AANLkTik64u2jHhSw2DurfEq66K8u23nXgyBKNiqH5pLk@mail.gmail.com> <808235A1-650E-44F7-B460-1AA6E5A9283E@pobox.com>
In-Reply-To: <808235A1-650E-44F7-B460-1AA6E5A9283E@pobox.com>

On 7/12/2010 1:19 PM, Chris Elliott wrote:
> On Jul 12, 2010, at 3:54 PM, Ted Hardie <ted.ietf@gmail.com> wrote:
>
>> On Mon, Jul 12, 2010 at 12:41 PM, Chris Elliott <chelliot@pobox.com> wrote:
>>
>>> I will suggest that in Beijing we may need to physically authenticate
>>> people coming into the terminal room, but I will leave the decision on
>>> whether and how to do that up to the host in Beijing.
>>>
>>> Chris.
>>
>> What does "physically authenticate people" mean here?  Show that they
>> have a badge (common and meets the stated requirement of "keep the
>> IETF network for IETF attendees")?  Or write down the name?   Or write
>> down the name and the network port for the cable they pick up?
>>
>> The differences here are not subtle, and I don't think this question
>> really does belong with the hosts in Beijing.  They can present
>> requirements to the IETF, but it is up to us to decide how to meet them.
>> If their choice in meeting the requirement "keep the IETF network for
>> IETF attendees" turns into "Track the network usage on a per attendee
>> basis", the attendees really need to know whether that is because that
>> was the real requirement all along or because the IETF management failed
>> to provide a realistic alternative that met the stated goal.
>
> Our requirement in Beijing is to meet the government restriction that
> only attendees of the meeting can access the Internet through our
> external link.
>
> There are no requirements for, and we will certainly not be doing, any
> monitoring of users. Period.

You won't have to - the Chinese Government and several others will
monitor that for you. You don't believe me - ask the Bureau of State
Security...


>
> I do not know the layout of the Beijing IETF meeting space. Therefore,
> I do not know the best approach to securing wired connections in the
> terminal room and elsewhere. I am suggesting, to be more explicit,
> that a guard at the door of the terminal room checking that everyone
> simply has an IETF badge, as we have done in many previous meetings,
> may be sufficient for Beijing as well, and the easiest solution for all.
Yeah I bet.

Todd
> And we are working hand-in-hand with the Beijing folks first in
> Maastricht and then Beijing to refine the requirements and the
> implementation. Four or five of the folks that will be the core of the
> NOC team in Beijing are members of the NOC team in Maastricht and will
> be working with us throughout the meeting. Some of them will be
> staffing the help desk alongside the RIPE folks, so come by and
> introduce yourselves.
>
> Our roles will reverse in Beijing as they will be responsible for the
> network and we will be there to help.
>
> We are well aware of the concerns of IETF attendees around privacy. We
> share these concerns.
>
> Chris.
>
>> best regards,
>>
>> Ted Hardie