IETF Logo Mail Archive

Re: Admission Control to the IETF 78 and IETF 79 Networks

Chris Elliott <chelliot@pobox.com> Tue, 06 July 2010 15:59 UTC

Return-Path: <chelliot@gmail.com>
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8A78F3A65A6 for <ietf@core3.amsl.com>; Tue, 6 Jul 2010 08:59:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.976
X-Spam-Level:
X-Spam-Status: No, score=-1.976 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2lZTJpcxzdDe for <ietf@core3.amsl.com>; Tue, 6 Jul 2010 08:59:53 -0700 (PDT)
Received: from mail-gy0-f172.google.com (mail-gy0-f172.google.com [209.85.160.172]) by core3.amsl.com (Postfix) with ESMTP id 0FAAE3A63C9 for <ietf@ietf.org>; Tue, 6 Jul 2010 08:59:52 -0700 (PDT)
Received: by gyh3 with SMTP id 3so3448805gyh.31 for <ietf@ietf.org>; Tue, 06 Jul 2010 08:59:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:sender:reply-to:received :in-reply-to:references:date:x-google-sender-auth:message-id:subject :from:to:cc:content-type; bh=Fz/eeGThey8vlqgfxqj+zkmOWXHz6yJvyArnImXxjzE=; b=AUSAjiYZm/I1YzQuq3eNNTGS0X8VNCB4XUXCWs3SL+/jR0sZAzUaSXmWCN6jFHpCHs ZVXVKyUd+DPDdXilc7BSXJeaCk4TgkHj9CEXioJZfUT6d99alw+YL7xW1pSEjfq33QPc bhFhkRE7CEEwAg/xTdCZr42LVQStyVoBABRDw=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:reply-to:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; b=PAhcqWwPezejQzPiF7Jng/X3i5oFm0EiuXVMp7AGMnyRSU4VCfJozNjYmdETv7OQ8g jkcxspq9wopiYVs7E6iIGT9yWRvISV/S2mVMnDm3j8Yfa2Tduz2B1DEiuArPF9DnAxJe VNGnVw2XMXu1EPrzQcxVRoEzeMBHhOtmFKO3Q=
MIME-Version: 1.0
Received: by 10.103.252.15 with SMTP id e15mr1035867mus.67.1278431990933; Tue, 06 Jul 2010 08:59:50 -0700 (PDT)
Sender: chelliot@gmail.com
Received: by 10.231.113.34 with HTTP; Tue, 6 Jul 2010 08:59:50 -0700 (PDT)
In-Reply-To: <AANLkTilVmeg2Tgjgllg2yT3Oc34Y4ZuwXwl9U1ELfjhc@mail.gmail.com>
References: <CFB08C07-DE90-47BE-ADFF-FC72162BBFA1@daedelus.com> <4C2BBD51.2060605@ietf.org> <6.2.5.6.2.20100701070804.0c26b8a0@resistor.net> <6D6E25E2-057B-4591-9288-1283036D0374@cisco.com> <AANLkTinMFsrGyIy9bu5kzUiZqNmDbf7lpS-eht8h3hvP@mail.gmail.com> <CCD1D0AD-97DC-4CE0-9E27-CC75B5F47C54@muada.com> <AANLkTilVmeg2Tgjgllg2yT3Oc34Y4ZuwXwl9U1ELfjhc@mail.gmail.com>
Date: Tue, 06 Jul 2010 11:59:50 -0400
X-Google-Sender-Auth: 90sf0CsOV9ZATkW-UujrKokqa04
Message-ID: <AANLkTil0UTicDlXGeprBnWpM0JjaXm_PAL2J-XTBjxB1@mail.gmail.com>
Subject: Re: Admission Control to the IETF 78 and IETF 79 Networks
From: Chris Elliott <chelliot@pobox.com>
To: Phillip Hallam-Baker <hallam@gmail.com>
Content-Type: multipart/alternative; boundary="001636418641b06a54048aba2405"
Cc: Iljitsch van Beijnum <iljitsch@muada.com>, IETF Discussion <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: chelliot@pobox.com
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Jul 2010 15:59:54 -0000

On Sat, Jul 3, 2010 at 3:13 PM, Phillip Hallam-Baker <hallam@gmail.com>wrote:

> The usability of these systems suck.
>
> Any time a user has to think when the computer can think for them is a
> failure. Every WiFi access control system I have ever used has
> required me to configure the computer.
>
> If the designers had actual brains instead of bits of liver strapped
> round their waist by dogbert then all that would be necessary to
> securely authenticate to the network is to give either the MAC address
> of the computer or the fingerprint of the cert.
>

MAC secure? Surely you jest.


> This configuration is going to cost several minutes per participant.
> Think of it on Enterprise scale and you have significant costs.
>
>
> And the coffee shop scenario is not about authentication, its really
> about getting acceptance of the terms of service.
>
>
> On Sat, Jul 3, 2010 at 12:02 PM, Iljitsch van Beijnum
> <iljitsch@muada.com> wrote:
> > On 2 jul 2010, at 2:30, Phillip Hallam-Baker wrote:
> >
> >> It has taken ten years for WiFi to get to a state where an adequate
> >> credential mechanism is supported, and it is still clunky.
> >
> > What are you talking about?? Enterprise type WPA where you authenticate
> against a back end server has been around for years, and with WPA2 it
> supports good encryption, too.
> >
> >> And they
> >> still don't have a decent mechanism to support the typical coffee shop
> >> type access mode.
> >
> > Well, you could use WPA(2) there too. People who don't have a working
> account yet for the hotspot in question would then log in as guest, create
> an account and then log in with that account.
> >
> > But I would argue that the IETF in general has ignored access control to
> IP networks and how this interacts with provisioning of addresses and other
> information once PPP was out the door. Look at the backflips that are
> required to provide ethernet-based broadband access. Although we can
> partially blame this on the lack of uptake of 802.1x which handles the
> authentication, but that still makes (IP-over-)ethernet-based broadband
> problematic because of its point-to-multipoint model that isn't appropriate
> for providing services.
> >
> >
>
>
>
> --
> Website: http://hallambaker.com/
> _______________________________________________
> Ietf mailing list
> Ietf@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf
>



-- 
Chris Elliott
chelliot@pobox.com

v2.23.0 | Report a Bug | By Email