Re: Admission Control to the IETF 78 and IETF 79 Networks

[SM <sm@resistor.net>]

At 08:26 01-07-10, Fred Baker wrote:
>While it is new in IETF meetings, it is far from unusual in WiFi 
>networks to find some form of authentication. This happens at coffee 
>shops, college campuses, corporate campuses, and people's 
>apartments. I think I would need some more data before I concluded 
>this was unreasonable.

I didn't conclude that it was unreasonable for reasons that are not 
mentioned above.

At 08:41 01-07-10, Dave CROCKER wrote:
>attendance includes many local folk.  Once upon a time, IETF 
>meetings constituted an extremely collegial environment among folks 
>who knew each other.  Today, attendance is much more diverse.

Yes.

At 08:50 01-07-10, Ole Jacobsen wrote:
>  I would have to disagree. You were probably not even born when we
>  had real terminal rooms with real terminals and computers and mean
>  looking security guards who very much did check badges. As stewards

No comment.

>  of the IETF meeting resources, I would say that it is perfectly
>  reasonable for the IAOC (or the local host) to control access to
>  <insert resource> to only meeting participants. There is no principal
>  difference between cookies and network here as far as I am concerned.
>  And as others have pointed out, access control to WiFi networks is
>  the norm rather than the exception, even when they are "free".

Two points:

  1. Resources are finite
  2. There can be abuse

Having an open IETF network should not be read as an encouragement 
for abuse or to make abusive use of the resources.  Some people may 
read it as an encouragement to do that.  As long as that number is 
insignificant, it's not a problem.  These people should not read this 
as meaning that they will get away with abuse.

In my initial message I mentioned that "the person enjoyed the same 
privileges as those who have paid".  Strictly speaking, that's a side 
effect of not enforcing access control.  My message should also not 
be read as an encouragement not to pay to attend the meeting.  The 
IETF might not be sustainable without the revenue from attendance fees.

At 12:05 01-07-10, Russ Housley wrote:
>Not totally right.  The person with a badge can get one or more slips
>with anonymous registration ID/passwords.  The badge-holder can then
>share the slip with accompanying persons (such as spouse or kids or <
>let's not go there ;-) > ).

The paragraph about that in the announcement did not go unnoticed.

At 12:38 01-07-10, Martin Rex wrote:
>Is there no more Terminal room on IETF these days with LAN access,
>where access to the area is monitored but access to the network
>is not de-anonymized?

There were such access at some point.  The IAOC may be able to 
confirm whether it will still be available.

At 16:19 01-07-10, Michael StJohns wrote:
>I agree with the above statement, but its really beside the 
>point.  The issue is not that the IETF and IETF attendees are 
>required to obey the laws of the venue, but rather whether or not 
>the IETF chooses to hold a meeting in a venue where the law is 
>sufficiently ... restrictive, draconian, capricious, ?? ... 
>to  require the IETF to change its model of operation.

There was a long discussion about that because the venue was 
selected.  My previous message was not to focus on that.

>This was specific to the "hotel gets to cancel the meeting on a 
>whim" issue, but seems somewhat applicable to this topic.  We're 
>instituting a new set of mechanisms , specific to this venue, not 
>driven by changes requested or suggested by the IETF. So we're not 
>doing this as  "run it in a fashon as we always have".

Yes.

>I would expect this (per user login) to fade away after Beijing - 
>unless and until the IAOC and IETF agrees that its necessary for the 
>longer term.  And I don't believe that discussion has been had.

Yes.

>With respect to this - it's too late to change the venue - and we're 
>at the whim of the venue governments and regulations so we're pretty 
>much stuck.  I'm hoping that further restrictions or changes will 
>not be imposed, but don't know that I'm confident that will be the case.

That's the reason why I didn't consider it as reasonable to argue 
about this change.  This does not mean that I would consider it as 
unreasonable if you or someone else was to raise such an argument.

>Going back to the IAOC, I would ask whether this requirement was 
>known at the time of the previous Beijing discussion?  If so, why 
>wasn't it brought up at that point in time and as part of the 
>discussion on venue acceptability.  If it was added later, when was 
>it added, and why wasn't the requirement made known to the broader 
>IETF prior to announcing the solution? Finally, I know this is a 
>hypothetical, but would this requirement have tipped the IAOC 
>decision the other way had it been known at the same time of the 
>previous discussion?

These questions came to mind.  I preferred not to ask them.

>I don't mean to pick on either you or the IAOC - you both are doing 
>a reasonable job steering among the shoals of the needs of the 
>various constituencies - just consider this an inquiry into how the 
>IETF should decide on how to decide whether a venue is acceptable.

Agreed.

At 20:27 01-07-10, Health wrote:
>ietf internet access is only for ietfers for free.

What is your definition of "ietfers"?

My initial message was more about social distance.  I don't know 
whether the admission control requirement is a sign that the gap 
cannot be bridged.

Regards,
-sm