Re: Admission Control to the IETF 78 and IETF 79 Networks

Phillip Hallam-Baker <hallam@gmail.com> Sat, 03 July 2010 19:13 UTC

In-Reply-To: <CCD1D0AD-97DC-4CE0-9E27-CC75B5F47C54@muada.com>
References: <CFB08C07-DE90-47BE-ADFF-FC72162BBFA1@daedelus.com> <4C2BBD51.2060605@ietf.org> <6.2.5.6.2.20100701070804.0c26b8a0@resistor.net> <6D6E25E2-057B-4591-9288-1283036D0374@cisco.com> <AANLkTinMFsrGyIy9bu5kzUiZqNmDbf7lpS-eht8h3hvP@mail.gmail.com> <CCD1D0AD-97DC-4CE0-9E27-CC75B5F47C54@muada.com>
Date: Sat, 03 Jul 2010 15:13:28 -0400
Message-ID: <AANLkTilVmeg2Tgjgllg2yT3Oc34Y4ZuwXwl9U1ELfjhc@mail.gmail.com>
Subject: Re: Admission Control to the IETF 78 and IETF 79 Networks
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Iljitsch van Beijnum <iljitsch@muada.com>
Cc: IETF Discussion <ietf@ietf.org>

The usability of these systems sucks.

Any time a user has to think when the computer can think for them is a
failure. Every WiFi access control system I have ever used has
required me to configure the computer.

If the designers had actual brains instead of bits of liver strapped
round their waist by dogbert then all that would be necessary to
securely authenticate to the network is to give either the MAC address
of the computer or the fingerprint of the cert.


This configuration is going to cost several minutes per participant.
Think of it on Enterprise scale and you have significant costs.


And the coffee shop scenario is not about authentication, it's really
about getting acceptance of the terms of service.


On Sat, Jul 3, 2010 at 12:02 PM, Iljitsch van Beijnum
<iljitsch@muada.com> wrote:
> On 2 jul 2010, at 2:30, Phillip Hallam-Baker wrote:
>
>> It has taken ten years for WiFi to get to a state where an adequate
>> credential mechanism is supported, and it is still clunky.
>
> What are you talking about?? Enterprise type WPA where you authenticate against a back end server has been around for years, and with WPA2 it supports good encryption, too.
>
>> And they
>> still don't have a decent mechanism to support the typical coffee shop
>> type access mode.
>
> Well, you could use WPA(2) there too. People who don't have a working account yet for the hotspot in question would then log in as guest, create an account and then log in with that account.
>
> But I would argue that the IETF in general has ignored access control to IP networks and how this interacts with provisioning of addresses and other information once PPP was out the door. Look at the backflips that are required to provide ethernet-based broadband access. Although we can partially blame this on the lack of uptake of 802.1X which handles the authentication, but that still makes (IP-over-)ethernet-based broadband problematic because of its point-to-multipoint model that isn't appropriate for providing services.
>
>

-- 
Website: http://hallambaker.com/
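The two positions in this exchange meet in the supplicant configuration. WPA2-Enterprise (802.1X with EAP against a RADIUS back end) is the credential mechanism Iljitsch points to, and the blocks below are roughly what a participant has to type into wpa_supplicant.conf to use it, which is the per-user configuration step Phillip objects to. This is an added illustration, not part of either message and not the configuration of any IETF meeting network; the SSID, identities, RADIUS server name and file paths are made-up placeholders. The first network block is the weak form that is common in practice: a password-based inner method with no ca_cert, so wpa_supplicant never verifies the authentication server's certificate and any access point announcing the same SSID can complete the exchange and collect the MSCHAPv2 handshake. The second block is the hardened form: WPA2/CCMP only, the issuing CA pinned, the server name checked, and EAP-TLS with a client certificate, so the only per-user credential is a key the user never types.

```ini
# WEAK: tunnelled password method, no server certificate validation.
# Without ca_cert, wpa_supplicant accepts any server certificate, so a
# rogue AP using the same (placeholder) SSID can harvest the inner
# MSCHAPv2 exchange for offline cracking.
network={
    ssid="ietf-1x"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice@example.org"
    password="placeholder-password"
    phase2="auth=MSCHAPV2"
}

# HARDENED: WPA2 only, CA pinned, server name checked, client certificate.
# proto=RSN / pairwise=CCMP refuse WPA1/TKIP. ca_cert restricts which
# server certificates are trusted; domain_match additionally requires the
# server certificate to carry the expected RADIUS server name, so a
# certificate from the same CA issued to another host is rejected.
# All paths and names are assumed placeholders.
network={
    ssid="ietf-1x"
    proto=RSN
    pairwise=CCMP
    key_mgmt=WPA-EAP
    eap=TLS
    identity="alice@example.org"
    ca_cert="/etc/ssl/certs/meeting-net-ca.pem"
    domain_match="radius.meeting.example.org"
    client_cert="/etc/wpa_supplicant/alice.crt"
    private_key="/etc/wpa_supplicant/alice.key"
}
```

On Linux this file is read with `wpa_supplicant -i <iface> -c wpa_supplicant.conf`; NetworkManager and the phone and laptop operating systems expose the same fields (CA certificate, server name, client certificate and key) in their connection dialogs, and obtaining the certificate and filling in those fields is where the per-participant setup time goes. Whichever mechanism admits a device, the thing the network can later hold it to is the identity in the credential, not the MAC address, which any client can set to whatever it likes.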