Re: Back to authentication on the IETF network (was: Re: IETF 78: getting to/from/around Maastricht)

Chris Elliott <chelliot@pobox.com> Mon, 12 July 2010 20:20 UTC

From: Chris Elliott <chelliot@pobox.com>
Subject: Re: Back to authentication on the IETF network (was: Re: IETF 78: getting to/from/around Maastricht)
Date: Mon, 12 Jul 2010 16:19:36 -0400
To: Ted Hardie <ted.ietf@gmail.com>
Cc: Iljitsch van Beijnum <iljitsch@muada.com>, IETF-Discussion list <ietf@ietf.org>

On Jul 12, 2010, at 3:54 PM, Ted Hardie <ted.ietf@gmail.com> wrote:

> On Mon, Jul 12, 2010 at 12:41 PM, Chris Elliott <chelliot@pobox.com> wrote:
> 
>> I will suggest that in Beijing we may need to physically authenticate people
>> coming into the terminal room, but I will leave the decision on whether and
>> how to do that up to the host in Beijing.
>> 
>> Chris.
> 
> What does "physically authenticate people" mean here?  Show that they
> have a badge (common and meets the stated requirement of "keep the
> IETF network for IETF attendees")?  Or write down the name?   Or write
> down the name and the network port for the cable they pick up?
> 
> The differences here are not subtle, and I don't think this question really
> does belong with the hosts in Beijing.  They can present requirements
> to the IETF, but it is up to us to decide how to meet them.  If their choice
> in meeting the requirement "keep the IETF network for IETF attendees"
> turns into "Track the network usage on a per attendee basis", the attendees
> really need to know whether that is because that was the real requirement
> all along or because the IETF management failed to provide a realistic
> alternative that met the stated goal.

Our requirement in Beijing is to meet the government restriction that only attendees of the meeting can access the Internet through our external link.

There are no requirements for, and we will certainly not be doing, any monitoring of users. Period.

I do not know the layout of the Beijing IETF meeting space. Therefore, I do not know the best approach to securing wired connections in the terminal room and elsewhere. I am suggesting, to be more explicit, that a guard at the door of the terminal room checking that everyone simply has an IETF badge, as we have done in many previous meetings, may be sufficient for Beijing as well, and the easiest solution for all.

And we are working hand-in-hand with the Beijing folks first in Maastricht and then Beijing to refine the requirements and the implementation. Four or five of the folks that will be the core of the NOC team in Beijing are members of the NOC team in Maastricht and will be working with us throughout the meeting. Some of them will be staffing the help desk alongside the RIPE folks, so come by and introduce yourselves.

Our roles will reverse in Beijing as they will be responsible for the network and we will be there to help.

We are well aware of the concerns of IETF attendees around privacy. We share these concerns.

Chris.

> best regards,
> 
> Ted Hardie