Re: Back to authentication on the IETF network
todd glassey <tglassey@earthlink.net> Mon, 12 July 2010 20:47 UTC
Return-Path: <tglassey@earthlink.net>
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 855DE3A6BA6 for <ietf@core3.amsl.com>; Mon, 12 Jul 2010 13:47:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.389
X-Spam-Level:
X-Spam-Status: No, score=-1.389 tagged_above=-999 required=5 tests=[AWL=-0.280, BAYES_05=-1.11, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hxM5zPLznGP1 for <ietf@core3.amsl.com>; Mon, 12 Jul 2010 13:47:58 -0700 (PDT)
Received: from elasmtp-spurfowl.atl.sa.earthlink.net (elasmtp-spurfowl.atl.sa.earthlink.net [209.86.89.66]) by core3.amsl.com (Postfix) with ESMTP id 311613A6BA4 for <ietf@ietf.org>; Mon, 12 Jul 2010 13:47:58 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=dk20050327; d=earthlink.net; b=JYQesl9BEu1CNHHRBcGGvmKTh1N95PeA3p2ZppsCAFgCfqso8kSQ9jdpd66IpjXe; h=Received:Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:References:In-Reply-To:Content-Type:X-ELNK-Trace:X-Originating-IP;
Received: from [64.125.79.149] (helo=[192.168.1.170]) by elasmtp-spurfowl.atl.sa.earthlink.net with esmtpa (Exim 4.67) (envelope-from <tglassey@earthlink.net>) id 1OYPv3-0006Za-PF for ietf@ietf.org; Mon, 12 Jul 2010 16:48:06 -0400
Message-ID: <4C3B7F89.8010702@earthlink.net>
Date: Mon, 12 Jul 2010 13:48:09 -0700
From: todd glassey <tglassey@earthlink.net>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.4) Gecko/20100608 Thunderbird/3.1
MIME-Version: 1.0
To: ietf@ietf.org
Subject: Re: Back to authentication on the IETF network
References: <AANLkTin0k3fwK3tOMJZ5XhWiKbYWu9t34JCHsloyXPuQ@mail.gmail.com> <AANLkTik64u2jHhSw2DurfEq66K8u23nXgyBKNiqH5pLk@mail.gmail.com> <808235A1-650E-44F7-B460-1AA6E5A9283E@pobox.com>
In-Reply-To: <808235A1-650E-44F7-B460-1AA6E5A9283E@pobox.com>
Content-Type: multipart/alternative; boundary="------------000109090606030501020701"
X-ELNK-Trace: 01b7a7e171bdf5911aa676d7e74259b7b3291a7d08dfec79a538b89d54cc8e60a1436210b4572255350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 64.125.79.149
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Jul 2010 20:47:59 -0000
On 7/12/2010 1:19 PM, Chris Elliott wrote: > On Jul 12, 2010, at 3:54 PM, Ted Hardie <ted.ietf@gmail.com > <mailto:ted.ietf@gmail.com>> wrote: > >> On Mon, Jul 12, 2010 at 12:41 PM, Chris Elliott <chelliot@pobox.com >> <mailto:chelliot@pobox.com>> wrote: >> >>> I will suggest that in Beijing we may need to physically >>> authenticate people >>> coming into the terminal room, but I will leave the decision on >>> whether and >>> how to do that up to the host in Beijing. >>> >>> Chris. >> >> What does "physically authenticate people" mean here? Show that they >> have a badge (common and meets the stated requirement of "keep the >> IETF network for IETF attendees")? Or write down the name? Or write >> down the name and the network port for the cable they pick up? >> >> The differences here are not subtle, and I don't think this question >> really >> does belong with the hosts in Beijing. They can present requirements >> to the IETF, but it is up to us to decide how to meet them. If their >> choice >> in meeting the requirement "keep the IETF network for IETF attendees" >> turns into "Track the network usage on a per attendee basis", the >> attendees >> really need to know whether that is because that was the real requirement >> all along or because the IETF management failed to provide a realistic >> alternative that met the stated goal. > > Our requirement in Beijing is to meet the government restriction that > only attendees of the meeting can access the Internet through our > external link. > > There are no requirements for, and we will certainly not be doing, any > monitoring of users. Period. You wont have to - the Chinese Government and several others will monitor that for you. You dont believe me - ask the Bureau of State Security... > > I do not know the layout of the Beijing IETF meeting space. Therefore, > I do not know the best approach to securing wired connections in the > terminal room and elsewhere. I am suggesting, to be more explicit, > that a guard at the door of the terminal room checking that everyone > simply has an IETF badge, as we have done in many previous meetings, > may be sufficient for Beijing as well, and the easiest solution for all. Yeah I bet. Todd > And we are working hand-in-hand with the Beijing folks first in > Maastricht and then Beijing to refine the requirements and the > implementation. Four or five of the folks that will be the core of the > NOC team in Beijing are members of the NOC team in Maastricht and will > be working with us throughout the meeting. Some of them will be > staffing the help desk alongside the RIPE folks, so come by and > introduce yourselves. > > Our roles will reverse in Beijing as they will be responsible for the > network and we will be there to help. > > We are well aware of the concerns of IETF attendees around privacy. We > share these concerns. > > Chris. > >> best regards, >> >> Ted Hardie > > > _______________________________________________ > Ietf mailing list > Ietf@ietf.org > https://www.ietf.org/mailman/listinfo/ietf
- Back to authentication on the IETF network (was: … Chris Elliott
- Re: Back to authentication on the IETF network (w… Ted Hardie
- Re: Back to authentication on the IETF network (w… Chris Elliott
- Re: Back to authentication on the IETF network todd glassey
- Re: Back to authentication on the IETF network (w… Randy Bush
- Re: Back to authentication on the IETF network (w… Joel Jaeggli